Well, since the first blog entry about donuts happened to be the single most visited page (by external users that weren't me) for the months of December AND January, I thought this topic needed a follow up.
Besides, it's always nice to find out you're not alone when it comes to opinions on a topic:
(and no, this post really doesn't have any content. but that's what the "Personal" category is for. and yes, I think a visit to the grocery store is soon to be coming...)
I recognize that spam is a big problem on the Internet. At work, I'm responsible for manually reviewing all the messages that the server filters catch (propose idea of filtering | boss paranoid about losing important messages | lowest cost employee → me). And I can tell you it's no fun going through thousands of drug, sex, phishing, and pirated media messages each week (just to find that someone's subscription to "Headline News" got caught this week…). Although, if you're feeling particularly humane this week, and just really want to help those Nigerians get that cash out of the country, just drop me a line and I can see about hooking you up with plenty of addresses to contact…
Anyway, I KNOW that spam is a problem. But I still think it's kinda extreme to just block all DHCP addresses. Especially when there's no way for someone to get off the list. Which is exactly what SORBS does. Oh, and to top it off they make you go through one of those CAPTCHA things that's hard as hell for a human to read, but trivially beatable using AI techniques, to even find that that's the reason you've been getting NDR's for the last 2 days on all the messages from friends that you've been replying to!
So I got to spent hours fiddling around with Smart Host settings & DNS entries, then another hour to confirm that things at least looked like they were working securely.
On the bright side, it does look like the ridiculously complicated and convoluted method is actually working, so look forward to getting emails back from me in the future instead of sitting in the dark for a couple of weeks.
(sorry to everyone who emailed me and expected replies during the last 1.5 months)
Today's "DUH! I'M AN IDIOT!" award goes to...me. Yay, I won something.
I get it for not putting the /* on the end of the path I was trying to publish with ISA. The /extranet.aspx links should now work. The funny thing is I forgot it despite there being other paths published in the same rule that correctly had the /* at the end. So, basically, if I had just like, looked at the screen maybe, I should have seen the problem immediately.
If anyone wants a Windows Live! Messenger invite, I've got a bunch to give away. Just email me at stultsj@ntldr.net from the email account on the Passport that you want to WL!M enable.
If you don't know what WL!M is, it's basically the next version of MSN Messenger. If you don't know what MSN Messenger is, umm...do a search or something?
Update (2006-0213): okay, so half that stuff doesn't seem to be working properly...grrrrr...I'll look into it and update this post when everything is behaving properly.
A couple of changes have been made to this site design...not really sure whether I'll keep them. Mostly just playing around right now.
Summary of changes:
- Added RSS <link/> element to /default.aspx. Need to add one to /announcements.aspx too.
- Put some content on the Extranet page. You can grab the root certificate if you feel like trusting me to issue digital certs...
- Removed "ntldr.net: the site" banner (it annoyed me today...no real other reason).
- Changed underlying SharePoint theme from "vNext" to "Glass", since having big black boxes/bars didn't look so good to me (and I never got around to fixing things up to look nice with "vNext").
Sidenote: I know that /default.aspx doesn't render properly in IE7. I have no idea WHY right now, and it probably isn't just IE7 that has problems (although IE6 seems to work correctly).
Anyway, any thoughts on it?
Follow the two links in the post...
Context update: this was one of the fun things I found during OS's today, thus proving (again) that having PowerPoint slides available for a class leads to decreased attention.
Another Algorithms assignment due today, so I'm still basically brain dead. But I installed the IE7 Beta 2 Preview, and thought I should at least test out if parts of my site still worked...
IE7 Beta 2 Preview is out...get it at www.microsoft.com/windows/ie if you're feeling adventurous and stupid (note the AND on those two conditions at the current time).
Funny post: http://kupek85.livejournal.com/71090.html. I found it funny at least. Preliminary feedback from testing on IM subjects indicates that part of the humour comes from knowing the people in the post.
And the results from the logs for January are in...#1 most read post (as measured by people actually clicking on the link and reading the post) was ID81: Donut-ilicious ( www.ntldr.net/Blog/DispForm.aspx?ID=81). I have no idea why. Explanations are welcome, especially funnier ones. Or ones that actually make sense.
It's been a while since I last posted about my adventures at work with Solaris. The optimistic amongst you may have just figured "hey, he got it working and is being snobbish about sharing the tricks to it with us." Oh how I wish that were the case...instead, it's been dragging out, sitting there half complete while other stuff comes up.
It's been half complete because it was going nowhere. And has continued to go nowhere. But the monitor for the one Sun system has been sitting on my desk, glaring at me and serving as a constant reminder of my shame & failure.
High points: I got Samba working! Single sign-on! whoo-hoo! Better yet, it stayed working. Until we upgraded the DC's, which now run Windows Server 2003 R2. Crap.
See, in Server 2003 R2, the schema changed to be RFC 1307 (I think that's the #...) compliant. That means that the builtin OS tools for managing Unix identity attributes no longer work with the settings that Samba's winbindd picks up. So effectively, Samba has stopped working as desired.
So after looking at the current state of things, and what was actually needed, and my available options, I decided to scrap the whole lot. And so, in 10 minutes of using Windows to set things up, and another 3 hours on Solaris, I'm almost back to where I was with Samba for integrated authentication.
Steps to retrofit NIS onto Solaris:
- Edit /etc/hosts to contain the NIS servers
- Create a /etc/defaultdomain file containing the NIS domain name
- Run "ypinit -c"
- Edit /etc/nsswitch.conf to contain entries for NIS as needed (this part isn't exactly working for me quite yet...)
Useful sites:
http://technet2.microsoft.com/WindowsServer/en/Library/05e70117-b880-448b-9f89-6d637a402d5e1033.mspx
The PKI system I have on my computers has been upgraded: it now has 1 working smart card that I'm using for testing & evaluation!
The smart card is an Axalto Cryptoflex 32k e-gate. The certificate server is Windows Server 2003 Certificate Services. The client is straight Windows XP SP2 (no additional Axalto CSP, so I had to use their Personalization tool to format it for Windows 2000 compatibility).
Now, there was one tiny problem I've run into. When trying to request a new certificate using certmgr.msc, it would always generate the error "Certificate request could not complete. The specified user was not found." (or something along those lines). After combing the event logs, doing a number of web searches, and examining every nook and cranny of the Certificate Process, I found the solution.
It turns out the user requesting the certificate can't be logged in using the UPN ( username@domain). You have to login using the domain username, password, domain format.
At work we bought two new servers to replace our 5-6 year old DC's. I got most of the OS installed last weekend, and got the go ahead today to bring one of them up as a DC in the domain.
So I ran dcpromo.exe, walked through the wizard, and let it do its thing. After 5 minutes or so, it failed, saying the schema was out of date and needed to be updated. Which was funny, because its a Windows Server 2003 SP1 domain, and I thought that Windows Server 2003 R2 was the same core OS as 2003 SP1. Well, it turns out that atleast the AD components in R2 are newer (to support the Federation Services? or maybe the Integrated Unix Authentication?).
However, running adprep.exe from Disc 1 didn't help, since it kept saying the schema was up to date.
Well, it turns out there's ANOTHER adprep.exe that has to be run. It's located on DISC 2 under the \CMPNTS\R2\ADPREP folder. So, "adprep.exe /forestmode" (and, curiously, "adprep.exe /domainprep /gpprep", for our domain) needs to be executed before dcpromo will work.
Next time, I'll try looking at the docs before doing something I've done dozens of times before...
|
About the author
Jeffrey Stults is a software developer currently in Portland, Oregon. He is contactable at:
stultsj@ntldr.net
Archive
| | Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|
| 29 | 30 | 31 | 1 | 2 | 3 | 4 | | 5 | 6 | 7 | 8 | 9 | 10 | 11 | | 12 | 13 | 14 | 15 | 16 | 17 | 18 | | 19 | 20 | 21 | 22 | 23 | 24 | 25 | | 26 | 27 | 28 | 1 | 2 | 3 | 4 | | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
Disclaimer
Disclaimer
The opinions expressed herein are my own personal opinions and do not represent
my employer's view in any way.
© Copyright
2012
Jeffrey Stults, Jr.
Statistics
Total Posts: 256
This Year: 0
This Month: 0
This Week: 0
Comments: 23
Utilities
Pick a theme:
Sign In
|