dduck's playground for blank html/css like back in the 90s

do not F.A.Q. a duck

smb-protocol samba
1325 10.423559 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [RST, ACK] Seq=1095 Ack=817 Win=0 Len=0

situation

network with windows10 clients loosing their connection to the samba-shares on a linux box.

analysis

the tcpdump did show the following traffic between win10 client and the samba-server.

1218 9.406740 10.9.254.77 10.9.254.99 NBNS 104 Name query response NB 10.9.254.77
1219 9.406740 10.9.254.77 10.9.254.99 NBNS 104 Name query response NB 10.9.254.77
1303 10.407656 10.9.254.99 10.9.254.77 TCP 66 50178 ? 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
1304 10.408045 10.9.254.77 10.9.254.99 TCP 66 445 ? 50178 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128
1305 10.408154 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
1306 10.408287 10.9.254.99 10.9.254.77 SMB 213 Negotiate Protocol Request
1307 10.408674 10.9.254.77 10.9.254.99 TCP 60 445 ? 50178 [ACK] Seq=1 Ack=160 Win=64128 Len=0
1308 10.413635 10.9.254.77 10.9.254.99 SMB2 260 Negotiate Protocol Response
1309 10.413794 10.9.254.99 10.9.254.77 SMB2 280 Negotiate Protocol Request
1310 10.414332 10.9.254.77 10.9.254.99 SMB2 326 Negotiate Protocol Response
1319 10.419983 10.9.254.99 10.9.254.77 SMB2 220 Session Setup Request, NTLMSSP_NEGOTIATE
1321 10.420492 10.9.254.77 10.9.254.99 SMB2 307 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
1323 10.421383 10.9.254.99 10.9.254.77 SMB2 597 Session Setup Request, NTLMSSP_AUTH, User: LOCALNET\netuser
1324 10.422765 10.9.254.77 10.9.254.99 SMB2 139 Session Setup Response
1325 10.423559 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [RST, ACK] Seq=1095 Ack=817 Win=0 Len=0

i could see the handshake failed by the client. the reason was unclear. all solution in the net lead back the reason to a smb1/smb2 problem.
they recommend "allowinsecureguestauth: 1" as a parameter-key in the registry at the lanmanworkstation tree.

solution

the dc give a win7 gpo to the workstation that the "insecureguestauth" is not (more) allowed/unconfigured "AllowInsecureguestauth:dword 0" . this should be ignored by the win10 stations. sometimes a workstation stumbled over this gpo and write this (smb1?)parameter in their own registry. what let the smb2 protocol stumble. the solution in this case, was only to delete the complete key from registry.

powershell: get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
remove-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\ -Name AllowInsecureguestauth

Centos 8 munin-nodes need Power-Tools

https://blog.redbranch.net/2020/06/06/centos-8-munin-node-needs-powertools/

Depsolve Error occured: Problem: package munin-node-2.0.54-2.el8.noarch requires perl(Net::SNMP), but none of the providers can be installed\n - conflicting requests - nothing provides perl(Digest::SHA1) >= 1.02 needed by perl-Net-SNMP-6.0.1-25.el8.1.noarch

Solution

sed -i '/enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-PowerTools.repo

munin snmp

situation

no chance to change something or rebuild, all nodes managed by cisco/meraki/veeam. only a little pool of linux boxes.

to monitor this little pool, i installed munin but stumpled over problems with snmp and the nature with the company network. there is no existing dns except the one for winAD.
1. editing /etc/hosts IP.ADD.RE.SS1 printer1 IP.ADD.RE.SS2 server2

2. /etc/munin/plugins
munin-node-configure -snmp ip.add.re.ss -shell

ln -s '/usr/share/munin/plugins/snmp__if_' '/etc/munin/plugins/snmp_99.9.99.66_if_1'
ln -s '/usr/share/munin/plugins/snmp__if_err_' '/etc/munin/plugins/snmp_99.9.99.66_if_err_1'
ln -s '/usr/share/munin/plugins/snmp__if_multi' '/etc/munin/plugins/snmp_99.9.99.66_if_multi'
ln -s '/usr/share/munin/plugins/snmp__netstat' '/etc/munin/plugins/snmp_99.9.99.66_netstat'
ln -s '/usr/share/munin/plugins/snmp__print_supplies' '/etc/munin/plugins/snmp_99.9.99.66_print_supplies'
ln -s '/usr/share/munin/plugins/snmp__uptime' '/etc/munin/plugins/snmp_99.9.99.66_uptime'

3./ munin-node-configure -snmp ip.add.re.ss -shell | bash

4. /etc/plugin-conf.d
every file in this folder is part of the plugin configuration no name confess.for printers i build file print.
vi print
name of the plugin link what munin-node-configuration did build.

[snmp_99.9.99.66*]
env.community public
env.host printer1
[snmp_99.9.99.67*]
env.community public
env.host printer2
2. /etc/munin.conf
[printer]
[printer;printer1]
address 127.0.0.1
use_node_name no
[printer;printer2]
address 127.0.0.1
use_node_name no
systemctl restart munin-node.service

after upgrading from debian 9 to 10 got the start job running for dev disk.
long search different sites not really a solution but a way to go...
lsblk shows the dev and a !new! blkid
the new uuid written in fstab.
then i stumbled about this tiny hit on a site ... comp is encrypted with cryptsetup ... have to change the uuid in a file called "crypttab" too.
changed here => sda6_crypt UUID=abcd123-4567-8901-0101-abcdefg01010101- none luks,swap
After the upgrading the swap got a new UUID and this one was written in the fstab but not in the crypttab.