computer networks


If you want to move a business from Microsoft Office365 to Google Suite, there is a nice migration utility in Google Suite Admin Console that helps you transfer all accounts data from Exchange Web Server or IMAP.

In case you encounter an error here goes a list of error codes and troubleshooting guide [1].

I did a full migration by granting my temporary user Global Administrator right by current Admin user, then in Exchange Admin Console I had to grant myself an ApplicationImpersonation Admin Role (to access other accounts for migration). After the migration was complete I have rolled back my permissions to a minimum level.

[1] https://support.google.com/a/answer/6254288

I have added support for Panasonic ToughBook CF-F9 U3G GOBI2000 to FreeBSD U3G kernel module [1]. I have added firmware for Panasonic CF-F9 and HP EliteBook 2740p along with gobi_loader updates [2] that are required for 3G modems to work.

At first U3G module will create /dev/cuaU0 interface for QDL firmware load, then after successful firmware load device will reload itself to a modem mode and U3G module will provide additional /dev/cuaU0.* nodes for operations (/dev/cuaU0.2 is the AT command intarface).

In order for this modem to work on FreeBSD you also need to tune some configutation files:

  • /etc/devd.conf:
    attach 100 {
     match "vendor" "0x04da";  #adjust your device VID
     match "product" "0x250e"; #adjust your device PID
     action "/usr/local/sbin/gobi_loader -2000 /dev/cuaU0 /boot/firmware/gobi/";
    };
    
  • /etc/ppp/ppp.conf:
    default:
     set log Phase Chat LCP IPCP CCP tun command
     ident user-ppp VERSION
     set device /dev/cuaU0.2
     set phone *99\#
     set redial 5 10
     set speed 115200
     set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
               \"\" AT AT-OK-AT ATH OK ATZ OK ATE1Q0 OK \
               AT+CFUN=1 OK-AT-OK \
               AT+CPIN? READY-AT+CPIN=\"YOUR_PIN_HERE\"-OK \
               AT+CGDCONT=1,\\\"ip\\\",\\\"internet\\\" OK \
               \\dATDT\\T TIMEOUT 40 CONNECT"
     set timeout 20
     enable dns
     set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0
     add default HISADDR
    

You now should be able to use your 3G modem connection with ppp -ddial, after you add your local user to the dialer group with pw groupmod dialer -m your_user_name. Remember to have U3G compiled in. Enjoy the Internets! ๐Ÿ™‚

[1] https://github.com/freebsd/freebsd/pull/115
[2] https://github.com/cederom/gobi_loader

Sometimes you need to perform a network installation (i.e. when no USB or DVD drive is allowed to boot, but you can boot PXE). In case of FreeBSD you can use DNSMASQ to serve the DHCP that will assign the initial client address and configuration along with PXE boot image served over tFTP. At this point you will have bootloader running, so you can serve filesystem over NFS to obtain working environment and/or the installer..

  • Create a directory that will hold the target filesystem over network. In my case that was
    /usr/local/tftp/FreeBSD
  • Put OS/Installer files inside above directory
    cd /usr/local/tftp/FreeBSD
    wget http://(..)/file.iso
    7z x file.iso
  • Edit /etc/exports to export the filesystem over NFS
    /usr/local/tftp/FreeBSD -ro -alldirs -network 192.168.0.0
  • Install the dnsmasq
    pkg install dnsmasq
  • Setup the /usr/local/etc/dnsmasq.conf
    enable-tftp
    tftp-root=/usr/local/tftp/FreeBSD
    
    dhcp-range=192.168.0.50,192.168.0.60,255.255.255.0,1h
    dhcp-boot=boot/pxeboot
    dhcp-option=option:router,
    dhcp-option=option:root-path,/usr/local/tftp/FreeBSD
    
  • Restart services
    service nfsd onerestart
    service dnsmasq onerestart
  • In case you get bootloader running but troubles with NFS make sure that mountd is running. Also you can see who is using the NFS shares with
    showmount -a

PXE Boot always use initial DHCP/tFTP to fetch configuration and bootloader, so the first stage is similar and should work with other Operating Systems and Bootloaders as well, the rest is up to bootloader itself..

I have recently started the OrangeADE project [1], that is Orange Autonomous Device Evaluation, an online platform to evaluate security level of network equipment and verify against known vulnerabilities. OrangeADE is released as Open-Source under the “new” 3-Clause BSD license. Enjoy the work in progress! ๐Ÿ™‚

[1] https://github.com/CeDeROM/OrangeADE

My request for base DHCP Client options parsing was partially implemented.

I have just found and reported bug in credit card related form/script in popular Polish trading platform Allegro. This was just a minor compatibility issue.. ๐Ÿ˜‰

In case you need to reset admin password for a Joomla install, you can do this by simply updating database record.

$ mysql5 -h <database_hostname> -u <database_username> -p <database_name>
Enter password: <database_password>
mysql> show tables;
(...)
mysql> UPDATE <database_prefix>_users SET password='d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199' WHERE username='admin';

This will use mysql5 commadline client to connect to a given database. You will see if tables are in place. Then you will update password hash of user admin to secret which equals:

d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199

You can also use any other database client of your choice, DBeaver is also nice utility with graphical user interface.

You can obtain necessary database access information from configuration.php file accessed by ssh/ftp on a web server.

public $dbtype = 'mysqli';
public $host = '<database_hostname>';
public $user = '<database_username>';
public $password = '<database_password>';
public $db = '<database_name>';
public $dbprefix = '<database_prefix>';

If you want to dump/backup a database into local file, use mysqldump5:

mysqldump5 -h <database_hostname> -u <database_username> -p <database_name> > dumpfile.sql

If you want to restore a database from a local file, use mysql5:

mysql5 -h <database_hostname> -u <database_username> -p <database_name> < dumpfile.sql

There are situations when you have a nice server out there, and you want/need someone to upload important files, but you only want to give them a minimal access to the system. You can use SSHD with sFTP and /sbin/nologin shell for that in chroot environment (dedicated limited userspace). Note that SCP in fact requires a working shell, so you need to use sFTP in this case..

Create a new user account with existing ftp group and /sbin/nologin shell:

# adduser

Alternatively you can modify an existing account to share:

# pw groupmod ftp -m username
# pw usermod username -s /sbin/nologin

You need to set correct permissions to the user home directory and public directory inside for upload:

# chown root:wheel /home/username
# mkdir /home/username/public
# chown username:ftp /home/username/public

Now modify the SSHD server configuration file /etc/ssh/sshd_config and append:

Match Group ftp
        ChrootDirectory         /home/%u
        ForceCommand            internal-sftp
        AllowTcpForwarding      no
        PermitTunnel            no
        X11Forwarding           no

Remember to restart the SSHD in order to apply new configuration:

# service sshd restart

Once the account is not necessary anymore remember to remove it:

# pw userdel username

If you want to use GSM/3G/LTE modem on your FreeBSD box you need to use PPP and following configuration:

default:
 set log Phase Chat LCP IPCP CCP tun command
 ident user-ppp VERSION 
 set device /dev/cuaU0
 set phone *99\#
 set redial 5 10
 set speed 115200
 set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
           \"\" ATH OK ATZ OK AT OK-AT-OK ATE1Q0 OK \
           AT+CFUN=1 OK-AT-OK \
           AT+CPIN? READY-AT+CPIN=\"1234\"-OK \
           AT+CGDCONT=1,\"ip\",\"internet\" OK \
           \\dATDT\\T TIMEOUT 40 CONNECT"
 set timeout 10
 enable dns
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0
 add default HISADDR

I have found very simple solution on how to access YouTube videos that require Flash using HTML5 player. Although front site may not support HTML5 video player, YouTube usually allows to embed videos to other sites, they also should use WebM codec developed by Google. If you have a video that does not work in HTML5 by default try to run it in embed player by URL modification – replace “/watch?v=” with “/embed/” and it should work! ๐Ÿ™‚

Example:ย http://www.youtube.com/watch?v=M84Y6VXAIaUย ->ย http://www.youtube.com/embed/M84Y6VXAIaU

Next Page »