I’ve been thinking a lot lately about if I still want to pursue a CCIE. If so, which one? There are so many to choose from. Today I spoke to a wise, senior associate of mine and asked him about this question of mine. His advice was invaluable. His suggestion was to study for a CCIE in a speciality that interests you. Why? Because you need some really good motivation to keep working towards it on a constant basis. Excellent advice!
Although I have my CCNP in routing and switching, the CCIE that really interests me is CCIE Data Center. This is because it contains many of the things that interest me and that I already work with on a day-to-day basis:
Anyhow, I need to do more research about what the best way is to prepare for taking the CCIE written exam for datacenter. If you have any suggestions, please post them as comments to this article.
Speaking of articles, I also ran across this great one regarding whether or not it’s still worth trying to get the CCIE. If you read the article, make sure you take time to read the comments too. There’s some really good stuff there.
If you are trying to mount a Windows 2008 (or potentially other versions of Windows) share using mount.cifs and you keep getting an input/output error like the one below, then read on.
[jason@superfreak ~]$ sudo mount //powerhouse-smb.mydomain.com/LogFiles /mnt/ecomm/ -tcifs -orw,username=doctor
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
The error reporting provided by mount.cifs is really not that good. That input/output error could mean anything. Let’s use smbclient to attempt a connection to the share. smbclient is sort of like an FTP client, but used to connect to an SMB share. However, the real reason we are using it is that it gives much more detailed error reporting by default. You can also increase the debug level to get some truly insane detail.
[jason@superfreak ~]$ smbclient //powerhouse-smb.mydomain.com/LogFiles -U doctor
Enter doctor’s password:
Domain=[POWERHOUSE] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1]
tree connect failed: NT_STATUS_DUPLICATE_NAME
Finally, some more detail. The error message ‘NT_STATUS_DUPLICATE_NAME’ indicates that the connection was denied by the Windows server because the destination host name that I provided was different than the computer name set on the actual destination server. This is a security feature in Windows Server 2008 (and likely other versions of Windows). In my case this is because I access the server through a load balancer. There is a special virtual service on the load balancer to allow the SMB connection into the server. However, for you the mismatch might be caused by an alias in your hosts file, a bad DNS entry or simply a mistype.
Now try the mount operation using the IP address instead of the hostname. Using just the IP address will not cause that security check to trip. Now it should work with no issues.
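The troubleshooting step above as an added example, not part of the original post: it pulls the NT_STATUS code out of captured smbclient output and, for the duplicate-name case, builds the by-IP share path to retry with. The function names, the trimmed sample output and the address 192.0.2.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a failed CIFS mount from captured smbclient output.

# Constructed sample, modelled on the smbclient session shown above.
SAMPLE_OUT='Domain=[POWERHOUSE] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1]
tree connect failed: NT_STATUS_DUPLICATE_NAME'

# nt_status TEXT: print the first NT_STATUS_* code in TEXT (empty if none).
nt_status() {
    printf '%s\n' "$1" | sed -n 's/.*\(NT_STATUS_[A-Z_]*\).*/\1/p' | head -n 1
}

# unc_host //host/share: print the host part.
unc_host() {
    rest=${1#//}
    printf '%s\n' "${rest%%/*}"
}

# looks_like_ipv4 STR: loose check, only digits and at least three dots.
looks_like_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# unc_by_ip //host/share IP: the same share, addressed by IP.
unc_by_ip() {
    printf '//%s/%s\n' "$2" "${1#//*/}"
}

# diagnose UNC TEXT IP: one-line verdict; IP is the server's real address.
diagnose() {
    host=$(unc_host "$1")
    case $(nt_status "$2") in
        NT_STATUS_DUPLICATE_NAME)
            if looks_like_ipv4 "$host"; then
                echo "name check failed although an IP was used"
            else
                echo "name mismatch for $host; retry with $(unc_by_ip "$1" "$3")"
            fi ;;
        NT_STATUS_LOGON_FAILURE) echo "bad credentials" ;;
        '') echo "no NT_STATUS code found" ;;
        *) echo "unhandled: $(nt_status "$2")" ;;
    esac
}

diagnose //powerhouse-smb.mydomain.com/LogFiles "$SAMPLE_OUT" 192.0.2.10
```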
Did you just find a thisserver.crt file on your machine and you want to check the details of what it’s for? In other words, you have an SSL certificate that you want to decode.
You need to be on Linux and have OpenSSL installed. Then use the x509 module:
openssl x509 -text -in thisserver.crt
I do file restores from snapshots using a Linux server. In my case it’s CentOS.
I do this by creating a disk resource from a snapshot on my IPStor SAN. Then I assign the new resource to all nodes of my HQ VMware cluster.
- Create a disk resource from a snapshot on my IPStor SAN.
- Assign the new resource to all nodes of my HQ VMware cluster.
- In VMware, set the path settings for the new FC resource to round robin. (Do this on each node in the cluster.)
- Add the resource to the restore Linux server as a Raw Device Mapping.
- SSH into the Linux server used for doing restores.
- Rescan the SCSI bus in order to make the new device available for mount. Replace the “X” with the proper host number.
echo "- - -" > /sys/class/scsi_host/hostX/scan
- View the /var/log/messages file in order to determine what block device ID this resource has shown up as. In the example output, you will notice that this resource is registered as block device sdb1. Look for some output like this:
Aug 4 10:48:28 zenoss ntfs-3g: Unmounting /dev/sdb1 (Users)
Aug 4 11:06:22 zenoss kernel: Vendor: VMware Model: Virtual disk Rev: 1.0
Aug 4 11:06:22 zenoss kernel: Type: Direct-Access ANSI SCSI revision: 02
Aug 4 11:06:22 zenoss kernel: target0:0:1: Beginning Domain Validation
Aug 4 11:06:22 zenoss kernel: target0:0:1: Domain Validation skipping write tests
Aug 4 11:06:22 zenoss kernel: target0:0:1: Ending Domain Validation
Aug 4 11:06:22 zenoss kernel: target0:0:1: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127)
Aug 4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB)
Aug 4 11:06:22 zenoss kernel: sdb: Write Protect is off
Aug 4 11:06:22 zenoss kernel: sdb: cache data unavailable
Aug 4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through
Aug 4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB)
Aug 4 11:06:22 zenoss kernel: sdb: Write Protect is off
Aug 4 11:06:22 zenoss kernel: sdb: cache data unavailable
Aug 4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through
Aug 4 11:06:22 zenoss kernel: sdb: sdb1
Aug 4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi disk sdb
Aug 4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi generic sg1 type 0
- Make sure that you can see the new resource.
- Mount the new resource to an available mount spot.
mount /dev/sdb1 /mnt/recover1
- Do your restore by copying off the files that you need….yada yada yada
- Now it is time to unmount and disconnect the restore resource.
- Unmount the block device:
umount /mnt/recover1
- Delete the SCSI resource from the SCSI bus:
echo "scsi remove-single-device a b c d" > /proc/scsi/scsi
a == hostadapter id (first one being 0)
b == SCSI channel on hostadapter (first one being 0)
c == ID
d == LUN (first one being 0)
- Make sure the resource is gone.
- Now remove the RDM from the virtual host.
- Remove SAN assignment of the snapshot resource from VMware cluster.
- Have VMware hosts rescan their FC connections.
- Delete snapshot resource from SAN.
- You are done.
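The a b c d values for remove-single-device are the same four numbers the kernel logs in the "sd 0:0:1:0: Attached scsi disk sdb" line (host, channel, ID, LUN). As an added example that is not part of the original post, the script below extracts them from log text and refuses to build the removal command while the disk still appears in a mount table; the function names and the sample mount-table line are constructed for illustration.

```sh
#!/bin/sh
# Added example: derive the "a b c d" address for remove-single-device from
# the kernel log, and refuse to build the command while the disk is mounted.

# Constructed samples: two kernel lines in the format shown above, and a
# /proc/mounts-style line for the restore mount.
SAMPLE_LOG='Aug 4 11:06:22 zenoss kernel: sdb: sdb1
Aug 4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi disk sdb'
SAMPLE_MOUNTS='/dev/sdb1 /mnt/recover1 ext3 rw 0 0'

# valid_disk NAME: accept only whole-disk names such as sdb or sdab.
valid_disk() {
    case $1 in
        sd[a-z]|sd[a-z][a-z]) return 0 ;;
        *) return 1 ;;
    esac
}

# scsi_addr DISK LOG: print "host channel id lun" from the most recent
# "sd H:C:T:L: Attached scsi disk DISK" line in LOG.
scsi_addr() {
    valid_disk "$1" || return 1
    printf '%s\n' "$2" |
        sed -n "s/.* sd \([0-9]*\):\([0-9]*\):\([0-9]*\):\([0-9]*\): Attached scsi disk $1\$/\1 \2 \3 \4/p" |
        tail -n 1
}

# is_mounted DISK MOUNTS: succeed if DISK or one of its partitions is listed.
is_mounted() {
    printf '%s\n' "$2" | grep -q "^/dev/$1[0-9]* "
}

# removal_command DISK LOG MOUNTS: print the command to run, or fail.
removal_command() {
    addr=$(scsi_addr "$1" "$2") || return 1
    [ -n "$addr" ] || { echo "no attach record for $1" >&2; return 1; }
    if is_mounted "$1" "$3"; then
        echo "$1 is still mounted; umount it first" >&2
        return 1
    fi
    printf 'echo "scsi remove-single-device %s" > /proc/scsi/scsi\n' "$addr"
}

# The disk is still mounted in the sample, so this reports the refusal.
removal_command sdb "$SAMPLE_LOG" "$SAMPLE_MOUNTS" || true
# After umount (an empty mount table here) the command is printed.
removal_command sdb "$SAMPLE_LOG" ""
```

On a live system, pass the contents of /var/log/messages and /proc/mounts instead of the samples.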
I just switched over to using Empathy for my IM client. I really like it better than Pidgin because it has much smoother integration with GNOME3 and is slicker looking. However, one of the things that it is really lacking is the fact that it doesn’t have plugins. Since it doesn’t have plugins, I can’t use encryption such as OTR (Off The Record).
I hope the Empathy fairies hear this and that OTR gets added some time.
If you need to TFTP new software (or any other file for that matter) onto an ASA from a TFTP server that is on the other side of a VPN tunnel, you will need to specify the source interface for the TFTP client to use.
The easiest way to do this is to specify it inline with the copy command:
copy tftp://192.168.1.30/ASA/asa842-k8.bin;int=INSIDE-management disk0:/asa842-k8.bin
Where, 192.168.1.30 is the IP of the TFTP server. INSIDE-management should be replaced with whatever interface you want to use as source.
Today I learned something new about Firefox 3.6.17. I was migrating an SSL EV certificate from an IIS server onto a Virtual Server that is located on a KEMP LoadMaster. This test server on the LM is running a prototype/test site. Therefore, the domain name doesn’t match the domain name that the SSL cert was created for. This normally will create an SSL name mismatch error in the web browser. This error normally can then be bypassed by the user; this process is called “Security Exception” in Firefox. I went to add this exception and found that Firefox wouldn’t allow me to add it. What’s interesting is that the exception window tells you that the identification of the certificate is so positive that there is no reason for you to add an exception.
This site provides valid, verified identification. There is no need to add an exception.
I think this is a good thing. It really helps make the EV certificates stronger and adds value to them. I guess I’ll go back to using a self-signed certificate for testing.
Great quick reference article on suid, sgid and the sticky bit.
Ever wonder what all the default colors output by ls in Bash mean? These are some of the common default ones:
* Executable files: Green
* Normal file : Normal
* Directory: Blue
* Symbolic link : Cyan
* Pipe: Yellow
* Socket: Magenta
* Block device driver: Bold yellow foreground, with black background
* Character device driver: Bold yellow foreground, with black background
* Orphaned symlinks : Blinking Bold white with red background
* Missing links ( – and the files they point to) : Blinking Bold white with red background
* Archives or compressed : Red (.tar, .gz, .zip, .rpm)
* Image files : Magenta (.jpg, gif, bmp, png, tif)
Do you need to ping the inside interface of an ASA across a VPN tunnel?
Maybe you need to do this for monitoring purposes, or whatever.
Allow access of ICMP to the inside interface:
icmp permit host 192.168.1.10 inside
Monitoring station —> 192.168.1.10
Inside interface —> inside