Tuesday, August 7, 2012

PowerShell and special characters

For all those who are writing PowerShell scripts: I came across a unique scenario where I had to call an external application (in this scenario, curl) and had to pass certain details to the application via a PowerShell script.

The character is a simple :

(Note: for all those wondering why I don't use built-in PowerShell commands for downloading files from the internet, this scenario is to upload specific files to an HTTP site where a username and password are required.)

Curl requires that username and password are submitted like this

<username>:<password>

Unfortunately, this caused problems with the PowerShell script, where it would only read the username and not the password. After trying all sorts of solutions, such as ' " / \ [] {} before the :, I finally found the solution!

The solution was to place the : in ' '

example: curl.exe -v --user gtlg':'randompassword --data-binary @filename https://somesite.com




Thursday, May 3, 2012

Linux AD Integration with Powerbroker

Linux and Windows authentication is a topic that comes up often, and there are various ways of achieving this. We have been testing the Powerbroker Identity Services Open Source Edition (PBIS) and have found it very easy to install and use.

PBIS comes with a GUI and a CLI installation interface. In order to test it, we decided that the CLI would be the better approach and give us a better insight into the tool. For the test we used CentOS 6.0 and Fedora 16 as the Linux hosts.

The installation is simple and straightforward. Just type the following command and answer yes to the questions:


BASH# sh pbis-open-6.5.561.linux.x86_64.rpm.sh


The installation may require a reboot, but we found it was not always necessary. The default installation will create the directory /opt/pbis for the installation.

Once installed, it's time to add the Linux host to the Active Directory domain, and again, using the CLI, this is easily done. For this example we were joining the Linux host to the domain example.com. We used the account administrator, but this can be any account with privilege on the Active Directory domain.


BASH# /opt/pbis/bin/domainjoin-cli join EXAMPLE.COM administrator


That completed the installation and the Linux host was then part of the domain. A straightforward and easy installation. To test, we then logged in via SSH with the following:


BASH# ssh "example\gtlg"@192.168.1.2


By default, however, PBIS does not use the BASH shell and creates the home directory as follows:

/home/local/EXAMPLE/gtlg

This was not in line with our normal standards and led us to dig a bit further into PBIS to see how we could make it match our policies. Again, PBIS turned out to be very easy to use and very straightforward when editing the configuration. Changing the default settings requires simple commands from PBIS to edit the PBIS "registry".

Changing the default shell to the BASH shell was done as follows:
in /opt/pbis/bin: ./config LoginShellTemplate /bin/bash

To change the default home directory to match this standard - /home/EXAMPLE/gtlg
in /opt/pbis/bin: ./config HomeDirTemplate %H/%D/%U

%H = /home
%D = Domain Name
%U = Username

At this point we had working logins via console or SSH, the use of the BASH shell by default and the directory structure that we wanted. Our last test was to see how to add users to groups and visudo. Again, we are pleased to say that it was very simple.

In /opt/pbis/bin: use the command enum-groups and find a group in Active Directory that you want to use. In our case we used the group Domain Admins, which was displayed by PBIS as EXAMPLE\domain^admins. Adding this to our Linux host was as simple as editing /etc/group and adding EXAMPLE\domain^admins into a group.

Adding a group to sudo is just as easy. The entry is as follows (the leading % tells sudo that the name is a group rather than a user):

%EXAMPLE\\domain^admins       ALL=(ALL)      ALL
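
An added example, not part of the original post or of PBIS itself: a small shell helper that turns a group name as printed by enum-groups into a sudoers group rule and installs it only after visudo accepts the syntax. The function names and the drop-in path /etc/sudoers.d/pbis-domain-admins are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the drop-in
# file name below are hypothetical; run the --apply path as root.
SUDOERS_DROPIN=/etc/sudoers.d/pbis-domain-admins

# Turn a group name as printed by enum-groups (DOMAIN\group^name) into a
# sudoers rule. sudoers marks a group with a leading % and treats a single
# backslash as an escape, so the separator is written as two backslashes.
sudoers_group_rule() {
    domain=${1%%\\*}
    group=${1#*\\}
    if [ "$domain" = "$1" ] || [ -z "$domain" ] || [ -z "$group" ]; then
        printf 'expected DOMAIN\\group, got: %s\n' "$1" >&2
        return 1
    fi
    # Allow only a conservative character set; anything else (spaces, '=',
    # ':', a second backslash) could change the meaning of the sudoers line.
    case "$domain$group" in
        *[!A-Za-z0-9._^-]*)
            printf 'unsafe character in group name: %s\n' "$1" >&2
            return 1 ;;
    esac
    printf '%%%s\\\\%s ALL=(ALL) ALL\n' "$domain" "$group"
}

# Write the rule to a temporary file, let visudo check the syntax, and only
# then install it with the 0440 mode used for sudoers files.
install_sudoers_rule() {
    rule=$(sudoers_group_rule "$1") || return 1
    tmp=$(mktemp) || return 1
    printf '%s\n' "$rule" > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "$SUDOERS_DROPIN"
        status=$?
    else
        printf 'visudo rejected the rule, nothing installed\n' >&2
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Usage: sh pbis-sudo.sh --apply 'EXAMPLE\domain^admins'
if [ "${1:-}" = "--apply" ]; then
    install_sudoers_rule "${2:-}"
fi
```

Validating with visudo before the file reaches /etc/sudoers.d matters because a syntax error there can leave every account on the host without working sudo.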


Powerbroker Identity Services is great and works exactly as described. We have tested the file permissions and sudo rights successfully.




Tuesday, May 1, 2012

Cheap NAS Storage - Part 1

A client has a requirement for cheap storage that will be used for backups, file storage, ISO/image storage and VM storage. The client has a small budget and therefore cannot afford to purchase a proprietary solution. Our team is going to be investigating this and, to start off, began research into creating a custom NAS solution with inexpensive hardware and open-source products.

There are a few solutions available on the net for this. The most notable are FreeNAS and Openfiler, which both provide multiple services, an easy-to-use GUI and some HA and replication. During the research phase we also came across this custom-built solution:

http://eugenyho.blogspot.com/


It is great to see fantastic work from FreeNAS, Openfiler and now this blogger, and it shows how much cheap storage is a requirement for other businesses too. The only issue is that these solutions do not seem to be scalable and only provide mirror functionality between two servers. As with most IT staff, we always want more :)

EugenyHo attempted to find a scalable solution using GlusterFS but was not able to do so. The project we will be embarking on will be to expand on the original idea and see if there is a way to approach a scalable, HA-enabled SAN solution through other methods (without being overly complex).