Backup Google Authenticator Database

Two-factor authentication is great – I wish everything would use it. My personal 2FA (specifically TOTP) mobile app is Google Authenticator. It allows you to scan a barcode or manually enter a 2FA initialization token, and gives you a nice display of all of your stored 2FA tokens, with a great countdown to each token's expiration. However, it does have one critical flaw "feature": you can't export your accounts.

Let me re-state that:  Your 2FA tokens are locked away in your mobile device.  Without the device, you’re locked out of your accounts (Hopefully you created backup codes).  If your device becomes inoperable, good luck!

However, if you have root access to your device, you can grab the Google Authenticator database and stow it away for safe keeping by grabbing it from the following location on your phone:

/data/data/com.google.android.apps.authenticator2/

If you have ADB enabled, you can just run the following command:

 adb pull /data/data/com.google.android.apps.authenticator2 

Keep this information very secure, as it can be used to generate 2FA codes for all of your accounts!
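
One way to keep the pulled copy private on the machine that receives it, as an added example (not part of the original post). The function names are hypothetical, the directory passed in is assumed to be the one `adb pull` created, and the optional encryption step assumes `gpg` is installed.

```shell
#!/bin/sh
# Added example: restrict, audit and encrypt a pulled Google Authenticator backup.

# Remove all group/other access from the backup tree.
lock_down() {
    chmod -R go-rwx "$1"
}

# Print every file or directory that group or other can still access.
# Returns 0 when the tree is private, 1 when something is exposed.
audit_perms() {
    exposed=$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Pack the tree into one passphrase-encrypted archive for off-device storage.
# gpg asks for the passphrase; the plaintext tar stream is never written to disk.
encrypt_backup() {
    ( umask 077 && tar -cf - "$1" | gpg --symmetric --cipher-algo AES256 --output "$2" )
}

# Usage: sh secure_backup.sh ./com.google.android.apps.authenticator2
if [ $# -gt 0 ]; then
    lock_down "$1" && audit_perms "$1"
fi
```

Run `encrypt_backup <dir> <archive.gpg>` before copying the backup anywhere else, and delete the plaintext directory once the archive has been verified.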

Exchange Dynamic Distribution Group Delivery Problems

Consider the following:

An Exchange Dynamic Distribution Group has a valid recipient filter, and the filter generates the desired resultant set of recipients with the following PowerShell command:

Get-Recipient -RecipientPreviewFilter $(Get-DynamicDistributionGroup "name").RecipientFilter

However, when a user sends a message to the group, no messages are delivered, and the sender does not receive an NDR.

One possible cause of this issue is a property of the dynamic distribution group called RecipientContainer. This is similar to the SearchBase attribute of the Get-ADUser cmdlet: it specifies the container in which to apply the RecipientFilter. Therefore, the RecipientContainer must be the OU in which the desired users are stored, or a parent of it.

More info here: https://www.corelan.be/index.php/2008/11/05/dynamic-distribution-lists-not-working-as-expected-0-recipients-during-mail-routing/

Troubleshooting OwnCloud index.php

Sometimes OwnCloud includes “index.php” in the shared links. It’s annoying and ugly. Here are some things to check:

  1. Is mod_rewrite enabled in the Apache config?
    <Directory /var/www/html/owncloud/>
     Options Indexes FollowSymLinks MultiViews
     AllowOverride All
     Order allow,deny
     Allow from all
     <IfModule mod_dav.c>
      Dav off
     </IfModule>
     SetEnv HOME /var/www/html/owncloud
     SetEnv HTTP_HOME /var/www/html/owncloud
    </Directory>
    
  2. Is the .htaccess correct?  The ###DO NOT EDIT### section must contain this line (generally the last line in the IfModule for mod_rewrite):
    RewriteRule .* index.php [PT,E=PATH_INFO:$1]
    
  3. .htaccess must also contain this block for the web app to generate URLs without “index.php”:
    <IfModule mod_rewrite.c>
      RewriteBase /
      <IfModule mod_env.c>
        SetEnv front_controller_active true
        <IfModule mod_dir.c>
          DirectorySlash off
        </IfModule>
      </IfModule>
    </IfModule>
    

Those are my findings for making sure OwnCloud URLs stay pretty.
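
The .htaccess checks from steps 2 and 3 as a script, added here as an example (not part of the original post). The function name `check_htaccess` is hypothetical, and the match is a substring match, so a longer `RewriteBase` path also passes.

```shell
#!/bin/sh
# Added example: check an ownCloud .htaccess for the directives listed above.

# check_htaccess FILE
# Prints one line per missing directive and returns the number missing
# (0 means every directive from steps 2 and 3 is present and not commented out).
check_htaccess() {
    file=$1
    missing=0
    for needle in \
        'RewriteRule .* index.php [PT,E=PATH_INFO:$1]' \
        'RewriteBase /' \
        'SetEnv front_controller_active true' \
        'DirectorySlash off'
    do
        # Drop comment lines first, then match literally (-F) so that
        # ".", "*", "[" and "$" are not treated as regex syntax.
        if ! grep -v '^[[:space:]]*#' "$file" | grep -qF -- "$needle"; then
            printf 'missing: %s\n' "$needle"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage: sh check_htaccess.sh /var/www/html/owncloud/.htaccess
if [ $# -gt 0 ]; then
    check_htaccess "$1"
fi
```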

Unifi Controller on 16.04

Steps to install the UniFi controller on Ubuntu 16.04.  Note that the package depends on JRE7, so we must add the ppa repo to apt.

echo "deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti" | sudo tee /etc/apt/sources.list.d/ubnt.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50

sudo add-apt-repository ppa:openjdk-r/ppa
sudo apt-get update

sudo apt-get install unifi

Expand Ubuntu LVM

Expand an existing Ubuntu LVM without creating additional partitions, or adding to LVM VGs:

  1. Expand the physical device (VMware, HyperV, DD to a new physical device, etc.)
  2. Use an offline GParted CD to resize the extended partition on which LVM lives
  3. In the live OS, use parted “resizepart” to extend the logical partition inside the previously resized extended partition
    (parted) resizepart
    Partition number? 5
    End? [268GB]? 1099GB
    
  4. Reboot
  5. Use LVM to resize the PV:
    pvresize /dev/sda5
  6. Resize the filesystem in the LV:
    resize2fs

 

Install QLC+ Ubuntu 16.04

Steps for installing Q Light Controller + on Ubuntu 16.04 x86_64

  1. Install Dependencies:
    sudo apt-get install libqtdbus4 qtcore4-l10n libqt4-xml libmng2 libqt4-declarative libqt4-sql libqt4-xmlpatterns libftdi1 libqt4-network libqt4-script libqtcore4 libqtgui4
  2. Download the DEB
    wget http://www.qlcplus.org/downloads/4.10.4/qlcplus_4.10.4_amd64.deb
  3. Install
    sudo dpkg -i qlcplus_4.10.4_amd64.deb

Windows 7 Update Pain!

For those unfortunate enough to still be deploying Windows 7, I implore you to ensure your workstations have at least one of the following updates to save yourself much pain:

These updates address a situation where the Windows Update client causes the machine to grind to a halt. This can be especially troublesome if you’re beginning to manage your environment with SCCM (even if you’re only deploying SCEP updates) as SCCM’s updating mechanism relies upon the Windows Update client.

So, before you deploy any updates to Windows 7 clients, ensure the machines have the above KBs installed!

For more information, follow this TechNet blog post: https://social.technet.microsoft.com/Forums/windows/en-US/4a782e40-bbd8-40b7-869d-68e3dfd1a5b4/windows-update-scan-high-memory-usage?forum=w7itproperf&prof=required

DNSMasq as a DHCP Relay Target

DNSMasq is a great little DNS and DHCP combo server built into most DD-WRT images, and available in most Linux distributions.

With it you can define custom DNS A records:

address=/owncloud/owncloud.somedomain.org/192.168.10.12
address=/unifi/unifi.somedomain.org/192.168.10.12

You can also define multiple DHCP scopes. This comes in handy if you want to configure the DNSMasq server as the DHCP Helper (or DHCP Relay) on your switch:

dhcp-range=devices,192.168.10.100,192.168.10.200,255.255.255.0,1m
dhcp-range=guest,192.168.20.100,192.168.20.200,255.255.255.0,1m

If you specify multiple ranges, you’ll also need to configure the default gateway for each of these networks:

dhcp-option=devices,3,192.168.10.1
dhcp-option=guest,3,192.168.20.1
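
A check for the rule above, that every tagged range has its own gateway, added here as an example (not part of the original post). The function names are hypothetical and the sample config is constructed: it reuses the two scopes above, writes one of them in dnsmasq's `set:`/`tag:` and `option:router` spelling, and adds a third `lab` range with no gateway.

```shell
#!/bin/sh
# Added example: list dhcp-range tags that have no router (option 3) configured.

# ranges_without_gateway FILE
# Prints, one per line, each dhcp-range tag with no matching
# "dhcp-option=<tag>,3,<ip>" (or "option:router") line. Untagged ranges are skipped.
ranges_without_gateway() {
    awk -F'[=,]' '
        /^[[:space:]]*#/ { next }
        $1 == "dhcp-range" && $2 !~ /^[0-9]/ {
            tag = $2; sub(/^(set|tag):/, "", tag); ranges[tag] = 1
        }
        $1 == "dhcp-option" && ($3 == "3" || $3 == "option:router") {
            tag = $2; sub(/^tag:/, "", tag); gw[tag] = 1
        }
        END { for (t in ranges) if (!(t in gw)) print t }
    ' "$1" | sort
}

# Constructed sample: the "lab" range is deliberately missing its gateway.
sample_conf() {
    cat <<'EOF'
dhcp-range=devices,192.168.10.100,192.168.10.200,255.255.255.0,1m
dhcp-range=guest,192.168.20.100,192.168.20.200,255.255.255.0,1m
dhcp-range=set:lab,192.168.30.100,192.168.30.200,255.255.255.0,1h
dhcp-option=devices,3,192.168.10.1
dhcp-option=tag:guest,option:router,192.168.20.1
EOF
}

# Usage: sh check_dnsmasq.sh /etc/dnsmasq.conf
if [ $# -gt 0 ]; then
    ranges_without_gateway "$1"
fi
```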

You can also create DHCP reservations for specific hosts by MAC address:

dhcp-host=00:1e:c9:4a:d7:fe,owncloud,192.168.10.12,1h
dhcp-host=04:18:d6:52:77:88,AP,192.168.1.4,1h
dhcp-host=70:77:81:B6:03:71,Printer,192.168.20.58,5m

Schema Validation Errors While Setting an XML Node Value

When attempting to set the node value in an InfoPath form with code, “schema validation” errors may appear.   This is primarily caused by attempting to set the value of a field with one of the following data types:

  • Whole Number (integer)
  • Decimal (double)
  • Date (date)
  • Time (time)
  • Date and Time (dateTime)

The workaround is to remove the “nil” attribute from the element:

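// Requires: using System.Xml.XPath;
// Removes the xsi:nil attribute so the element can accept a typed value.
public void DeleteNil(XPathNavigator node)
{
    if (node.MoveToAttribute("nil", "http://www.w3.org/2001/XMLSchema-instance"))
        node.DeleteSelf();
}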

Managing ZFS Snapshots

ZFS is a great file system, providing much flexibility and simple administration. It was originally developed for Sun operating systems, but has been ported to Linux, and support is now baked into Ubuntu Server 15.10.

ZFS natively supports snapshots, but there is a tool for automagically creating and aging snapshots: https://github.com/zfsnap/zfsnap. (Man page: http://www.zfsnap.org/zfsnap_manpage.html)

Installation is fairly straightforward:

  • clone the Git repo
  • copy the files to /usr/local/src
  • create a link to the binaries path:
    ln -s /usr/local/src/zfsnap/sbin/zfsnap.sh /usr/local/sbin/zfsnap

After that, set up a crontab for automatic snapshot creation:

crontab -e
26 * * * * /usr/local/sbin/zfsnap snapshot -a 5d -r tank

And finally, set up crontab for automatic snapshot deletion:

0 1 * * * /usr/local/sbin/zfsnap destroy -r tank