dduck's playground for blank html/css like back in the 90s

do not F.A.Q. a duck

switch on snmpd on vmware

situation


sometimes you cant activate snmpd on vmware over the webui ... the easy way is the ssh connection to the vmware machine and ...

analysis

solution


esxcli system snmp set --communities public
esxcli system snmp set --enable true

source

situation

got 5-year old hardware and have to change dell chassisname and identification id

analysis


/admin1-> racadm
racadm>>getsysinfo

racadm getsysinfo

RAC Information:
RAC Date/Time = Wed Sep 30 11:40:19 2020

Firmware Version = 2.65.65.65
Firmware Build = 15
Last Firmware Update = 09/25/2020 16:53:13
Hardware Version = 0.01
MAC Address = xx:xx:xx:xx:xx

Common settings:
Register DNS RAC Name = 1
DNS RAC Name = iDRAC4
Current DNS Domain = xxxxxxxxxxxxx
Domain Name from DHCP = Disabled

IPv4 settings:
Enabled = 1
Current IP Address = xx.xx.xx.xx
Current IP Gateway = xx.xx.xx.xx
Current IP Netmask = 255.255.252.0
DHCP Enabled = 0
Current DNS Server 1 = xx.xx.xx.xx
Current DNS Server 2 = xx.xx.xx.xx
DNS Servers from DHCP = Disabled

IPv6 settings:
Enabled = 0
Current IP Address 1 = ::
Current IP Gateway = ::
Autoconfig = 0
Link Local IP Address = ::
Current IP Address 2 = ::
Current IP Address 3 = ::
Current IP Address 4 = ::
Current IP Address 5 = ::
Current IP Address 6 = ::
Current IP Address 7 = ::
Current IP Address 8 = ::
Current IP Address 9 = ::
Current IP Address 10 = ::
Current IP Address 11 = ::
Current IP Address 12 = ::
Current IP Address 13 = ::
Current IP Address 14 = ::
Current IP Address 15 = ::
DNS Servers from DHCPv6 = Disabled
Current DNS Server 1 = ::
Current DNS Server 2 = ::

System Information:
System Model = PowerEdge M520
System Revision = I
System BIOS Version = 2.9.0
Service Tag = xxxxxxx
Express Svc Code = xxxxxxxxxxxx
Host Name = VMware04
OS Name = VMware ESXi
OS Version = 6.5.0 U3 build-16576891
Power Status = ON
Fresh Air Capable = Yes

Watchdog Information:
Recovery Action = None
Present countdown value = 15 seconds
Initial countdown value = 15 seconds

System Thermal Information:
EstimatedSystemAirflow = NA
EstimatedExhaustTemperature = NA

Embedded NIC MAC Addresses:
NIC.Embedded.1-1-1 Ethernet = xx:xx:xx:xx:xx
NIC.Embedded.2-1-1 Ethernet = xx:xx:xx:xx:xx

racadm>>config -g

cfgActiveDirectory
cfgEmailAlert
cfgIPv6LanNetworking
cfgIPv6StaticLanNetworking
cfgIPv6URL
cfgIpmiLan
cfgIpmiPef
cfgIpmiSol
cfglannetworking
cfgLDAP
cfgLdapRoleGroup
cfgLogging
cfgOobSnmp
cfgRacSecurity
cfgractuning
cfgRacVirtual
cfgRemoteHosts
cfgserial
cfgserverInfo
cfgServerPower
cfgSessionManagement
cfgSmartCard
cfgStandardSchema
cfgStaticLanNetworking
cfguseradmin
cfgUserDomain
cfgVFlashPartition
cfgVFlashSD
ifcRacManagedNodeOs

racadm>>config -g ifcRacManagedNodeOs -o

ifcRacMnOsHostname
ifcRacMnOsOsName
ifcRacMnOsOsVersion

racadm>>config -g ifcRacManagedNodeOs -o ifcracmnoshostname VMware09

racadm config -g ifcRacManagedNodeOs -o ifcracmnoshostname VMware09
Object value modified successfully

RAC1169: The RACADM "config" command will be deprecated in a future version of iDRAC firmware. Run the RACADM "racadm set" command to configure the iDRAC configuration parameters. For more information on the set command, run the RACADM command "racadm help set".

racadm>>exit

source

https://www.dell.com/downloads/global/power/ps2q06-20060105-Zhang-OE.pdf
https://www.dell.com/support/article/de-de/sln266160/dell-poweredge-how-do-i-change-the-system-host-name-on-the-idrac
http://lifeofageekadmin.com/using-dell-racadm-on-redhat-centos/
https://cs.uwaterloo.ca/~brecht/servers/docs/PowerEdge-2600/en/Racadm/racadmc1.htm
https://www.aftershox.com/2013/07/11/how-to-configure-a-dell-idrac-card-using-the-racadm-command-line-tool/

Mozilla Thunderbird does not connect correctly to mail server after update to 78.1.1

situation

Since upgrading to Thunderbird 78.1.1 (32-bit) I'm not able to receive emails from my pop server and when i try to send an email I get the following error message.
"Sending of the message failed. Peer reports incompatible or unsupported protocol version. The configuration related to mail.******.com must be corrected."

analysis

the mail server is working intern with an old version. so i had to say TB it have to accept this kind of connection.

solution

If you have been effected by Thunderbird 78 changing the minimum tls security level to TLSv1.2 and the server you get emails downloaded from is not using the most up to date protocol then you not be able to get access to server using original server settings. Suggest you test this by trying a reset of the minimum version which by default is now set to 3. To test this you can do one of the following: Using original server settings. Menu app icon > Options. Scroll all the way to the bottom and click on 'Config Editor' button. Skip past the warning. In search type: tls.version Look for this line: security.tls.version.min Double click on that line to open edit window set the value to 1 click on OK Restart Thunderbird. If this gets you access, then you have a choice. Either leave that setting in place OR Revert the setting for 'security.tls.version.min' back to 3 and try changing the server settings to use: Port : 110 Connection Security: try 'STARTTLS', if it still fails then try 'None'

source

https://support.mozilla.org/de/questions/1300809

linux shell login message

situation

login message for non-linux colleagues to send some hints and infos create a file "whatevername.sh" in "/etc/profile.d/" in my case i create "loginmessage.sh" and write something like this...
echo ""
echo "########################################"
echo "#for GUI connect to this machine with Remotedesktop#"
echo "########################################"
echo " mariaDB Datenbankserver "
echo ""
loginmessage.sh (END)
Web console: https://xxx-mariadb.xxx-net.local:9090/ or https://xx.xx.xx.xx:9090/
Last login: Tue Sep 8 07:22:51 2020 from xx.xx.xx.xx

########################################
#for GUI connect to this machine with Remotedesktop#"
########################################

mariaDB Datenbankserver

smb-protocol samba
1325 10.423559 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [RST, ACK] Seq=1095 Ack=817 Win=0 Len=0

situation

network with windows10 clients loosing their connection to the samba-shares on a linux box. 10.9.254.77 = smb-share server 10.9.254.99 = win10 client

analysis

the tcpdump did show the following traffic between win10 client and the samba-server.

1218 9.406740 10.9.254.77 10.9.254.99 NBNS 104 Name query response NB 10.9.254.77
1219 9.406740 10.9.254.77 10.9.254.99 NBNS 104 Name query response NB 10.9.254.77
1303 10.407656 10.9.254.99 10.9.254.77 TCP 66 50178 ? 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
1304 10.408045 10.9.254.77 10.9.254.99 TCP 66 445 ? 50178 [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 SACK_PERM=1 WS=128
1305 10.408154 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
1306 10.408287 10.9.254.99 10.9.254.77 SMB 213 Negotiate Protocol Request
1307 10.408674 10.9.254.77 10.9.254.99 TCP 60 445 ? 50178 [ACK] Seq=1 Ack=160 Win=64128 Len=0
1308 10.413635 10.9.254.77 10.9.254.99 SMB2 260 Negotiate Protocol Response
1309 10.413794 10.9.254.99 10.9.254.77 SMB2 280 Negotiate Protocol Request
1310 10.414332 10.9.254.77 10.9.254.99 SMB2 326 Negotiate Protocol Response
1319 10.419983 10.9.254.99 10.9.254.77 SMB2 220 Session Setup Request, NTLMSSP_NEGOTIATE
1321 10.420492 10.9.254.77 10.9.254.99 SMB2 307 Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
1323 10.421383 10.9.254.99 10.9.254.77 SMB2 597 Session Setup Request, NTLMSSP_AUTH, User: LOCALNET\netuser
1324 10.422765 10.9.254.77 10.9.254.99 SMB2 139 Session Setup Response
1325 10.423559 10.9.254.99 10.9.254.77 TCP 54 50178 ? 445 [RST, ACK] Seq=1095 Ack=817 Win=0 Len=0

see the handshake failed by the client. the reason was unclear. all solution in the net lead back the reason to a smb1/smb2 problem.
they recommend "allowinsecureguestauth: 1" as a parameter-key in the registry at the lanmanworkstation tree.

solution

the dc give a win7 gpo to the workstations that the "insecureguestauth" is not (more) allowed/unconfigured "AllowInsecureguestauth:dword 0" . this should be ignored by the workstation by default because this insecureguestauth is not more allowed by win10/smb2. but sometimes a workstation stumbled over this gpo/rule and write this parameter in their own registry. what let the smb2 protocol stumble. the solution in this case, was only to delete the complete key from registry and take the gpo from the dc away.

powershell: get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\
remove-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\ -Name AllowInsecureguestauth

source

smb1-smb2 problem https://winxperts4all.at/index.php/betriebssysteme/windows-10/1808-unsichere-gastanmeldungen-aktivieren-in-windows-10
https://answers.microsoft.com/de-de/windows/forum/all/windows10-blockiert-netzwerkfreigabe-f%C3%BCr-nas/99cd9126-dade-4a08-bcc0-3bd1a24cd01e
https://de.minitool.com/datenwiederherstellung/zugriff-verweigert.html
https://ask.wireshark.org/question/15935/what-would-cause-a-rstack-from-client-to-smb-server/
https://www.johnpfernandes.com/2018/12/17/tcp-flags-what-they-mean-and-how-they-help/
https://robertheaton.com/2020/04/27/how-does-a-tcp-reset-attack-work/

Centos 8 munin-nodes need Power-Tools

https://blog.redbranch.net/2020/06/06/centos-8-munin-node-needs-powertools/

Depsolve Error occured: Problem: package munin-node-2.0.54-2.el8.noarch requires perl(Net::SNMP), but none of the providers can be installed\n - conflicting requests - nothing provides perl(Digest::SHA1) >= 1.02 needed by perl-Net-SNMP-6.0.1-25.el8.1.noarch

Solution

sed -i '/enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-PowerTools.repo

munin snmp

situation

no chance to change something or rebuild, all nodes managed by cisco/meraki/veeam. only a little pool of linux boxes.

to monitor this little pool, i installed munin but stumpled over problems with snmp and the nature with the company network. there is no existing dns except the one for winAD.
1. editing /etc/hosts IP.ADD.RE.SS1 printer1 IP.ADD.RE.SS2 server2

2. /etc/munin/plugins
munin-node-configure -snmp ip.add.re.ss -shell

ln -s '/usr/share/munin/plugins/snmp__if_' '/etc/munin/plugins/snmp_99.9.99.66_if_1'
ln -s '/usr/share/munin/plugins/snmp__if_err_' '/etc/munin/plugins/snmp_99.9.99.66_if_err_1'
ln -s '/usr/share/munin/plugins/snmp__if_multi' '/etc/munin/plugins/snmp_99.9.99.66_if_multi'
ln -s '/usr/share/munin/plugins/snmp__netstat' '/etc/munin/plugins/snmp_99.9.99.66_netstat'
ln -s '/usr/share/munin/plugins/snmp__print_supplies' '/etc/munin/plugins/snmp_99.9.99.66_print_supplies'
ln -s '/usr/share/munin/plugins/snmp__uptime' '/etc/munin/plugins/snmp_99.9.99.66_uptime'

3./ munin-node-configure -snmp ip.add.re.ss -shell | bash

4. /etc/plugin-conf.d
every file in this folder is part of the plugin configuration no name confess.for printers i build file print.
vi print
name of the plugin link what munin-node-configuration did build.

[snmp_99.9.99.66*]
env.community public
env.host printer1
[snmp_99.9.99.67*]
env.community public
env.host printer2
2. /etc/munin.conf
[printer]
[printer;printer1]
address 127.0.0.1
use_node_name no
[printer;printer2]
address 127.0.0.1
use_node_name no
systemctl restart munin-node.service


After upgrade, the swap got a new UUID

after upgrading from debian 9 to 10 got the start job running for dev disk. long searches on different sites did not give me really a solution but a way to go... lsblk shows the dev and a !new! blkid for the dev. with blkid the new uuid written in fstab. but it was not the final solution. then i stumbled about this tiny hit on a site..
"when the comp is encrypted with cryptsetup ... you have to change the uuid in a file called "crypttab" too."
changing here sda6_crypt UUID=abcd123-4567-8901-0101-abcdefg01010101- none luks,swap