Netexpertise

Having loads of sites, it is extremely difficult to keep track of device’s locations, and even if you do, you may not be aware some people moved computers or printers around to a new place without telling; It can also be useful to know where a device was last seen.
 
Requirements:
– Add network switches in GLPI making sure Name (DNS name), brand, location and type fields are filled in
– Generate an SSH key pair on the server from where you are going to run the script, install the public key on the switches so you can log on automatically on each one of them
Supported switches include Cisco Catalyst, HP Procurve* and 3com but could be ported easily to other brands.
Check Cisco, HP and 3com official documentation to install the public key on each device.
– Run the script
 

 
Features:
– Gets the switch list from GLPI (registered as “switch” in network devices)
– Connects to the switches and gets a list of mac addresses
– If the mac is found in GLPI (within Computer, Printers or Network devices), updates Last modified date and location
– If not, gets the mac’s vendor from Internet. A cache makes it faster if the 6 digits were found before
– Tells percentage of known macs
– tells if duplicates are found in GLPI (mac found on the network matching multiple devices in GLPI)
– Works on Cisco, HP* and 3com switches and could be easily modified for other brands that support SSH auto-connect. Some gears like Cisco Small Business don’t support it.
% gets better as you register more and more macs in GLPI
You have no idea how many devices connect to the network!

* in combination with rancid

Tags: GLPI

The “QUOTE” FTP keyword is essential to allow a user to run system-specific commands on servers (eg SITE or ALLO)
 
Most FTP clients send a NOOP – that actually is a dummy packet – to keep the connection up

ftp> quote noop
200 NOOP ok.

 
QUOTE SYST returns the Operating System the FTP server runs on, or at least gives you a hint.
 
Check these 2 examples on Linux Redhat and IBM i, the second giving more details than the first

ftp> quote syst
215 UNIX Type: L8

ftp> quote syst
215  OS/400 is the remote operating system. The TCP/IP version is "V7R1M0".

Tags: FTP, security

Windows services can be started with a Managed Service Account (MSA) for the sake of security and easy management.
 
It was working just fine until I initiated a server reboot. The service would not start. Opening the service and wiping out the password field makes the service start again.
 
What could be wrong?
Let’s focus on the message displayed when setting up the MSA: The account has been granted the Log On As a Service right.
This setting can be overwritten by a group policy (GPO) that could be applied globally on the domain.
 
An easy way to check which accounts are given the Log On As a Service Right is to run rsop.msc.

 
Browse to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment and check that your Managed Service Account is in the list under the Security Policy Setting. If not, update your GPO and check the policy comes first in the Precedence tab.

Tags: GPO, Service Account, Windows