‹‹ First ‹ Prev Comments(0) Random Next › Last ››
Inktober Day 31
‹‹ First ‹ Prev Comments(0) Random Next › Last ››

Inktober Day 31

by on October 31, 2019 at 22:21
Chapter:

Pentel brush pen on 80lb sketchbook paper, various Pigma Micron markers and a Faber Castell Pitt ‘cold gray III 232’ pen.

Today’s prompt was ‘Ripe’.

Here’s a quick comic about ripe melons draw in a cartoony style. There’s a bit of a nudge-nudge wink-wink thing going on. That’s supposed to be me and my wife. Even some space for a speech balloon, when I finished I thought it stood by itself.

 

Twitter link to this comic

 

That’s the end of Inktober. What did I learn?

That drawing everyday is FUN.

Like everything, it takes practice.

I really like using the pentel brush marker.

The blue pencil lead is great for starting something.

Over the course of the month, I really liked building a habit of drawing something every day. It took my mind off things, and gave me a little something extra to look forward to at night. Using the official prompt list made me plan ahead either on the way to work or even staring at a white sheet. I hope to do more little sketches and posting them here as I go along.

 Comment 

Using Powershell to Pull API Information

by on September 27, 2022 at 11:43
Posted In: IT Blog

Up until recently, I was familiar with the idea of client pulling down information from a database. A database requires updates, patching, and maintenance. Usually, I’d be the one doing all that care and feeding, additional to taking proper care of the client application. Recently I’ve been playing with api-ninjas.

API-ninjas requires a free account, and provides back to you an API key. Some of the things you can pull include:

  • Airline flight information
  • Cocktail recipes
  • Conversion of Currency
  • DNS lookup
  • Holidays
  • IP information

The list is quite exhaustive. An API is a great alternative to that pesky database maintenance above. Api-Ninja includes code on pulling the API’s in python, C#, ruby and so forth. However, it did not include anything about powershell.

Below, I’ve pasted code to get a random fact of the day:

$apikey  = "###supersecretapikey###"
$params = @{
    "Uri"  = "https://api.api-ninjas.com/v1/facts?limit=1"
    "method" = "get"
    "headers" = @{"X-API-Key" = $apikey
}
Invoke-RestMethod @Params | fl

##Sample output##
fact : A sneeze zooms out of your mouth at over 600 m.p.h

To use or change this code, change the Uri paramenter above to the value given by api-ninjas. Examples include:

https://api.api-ninjas.com/v1/cocktail?name=$input #for taking input for cocktail recipes

https://api.api-ninjas.com/v1/iplookup?address=$IP #for taking input for IP address
└ Tags: , , , ,
 Comment 

Azure – resetting a password for a Domain Controller VM

by on May 7, 2021 at 01:19
Posted In: comic

I came across a situation the other day.

In my Azure Tenant, I have a VM, a domain controller that hosts, well… my domain.

I only use it for testing, most recently I was doing some SSPR testing. I only turn it on occasionally for testing some powershell scripts, this password reset utility, and other things that only an on-premises Domain Controller can really do.

Over time, over about 2 weeks I didn’t need it and had this server sitting in a powered off state. When I did need it again, after powering it on, I realized I couldn’t login with my Domain Admin credentials. The error was that my password had expired, and I needed to reset it.

Okay, I’ll use my backup Domain Admin account to reset it. The problem was, the backup Domain Admin account was giving the same error.

Uh-oh.

My primary, and backup domain admin accounts to my one cloud controller that is not replicated anywhere are both locked out. Now what?

Luck has it, there’s as way to do this that’s fairly painless and actually quite simple.

  1. Create a .ps1 file. The only contents it needs are one line:
Net user AD-Admin NewP@ssword!

Name it something relevant like “password_reset.ps1”

This HAS to be an account that’s active in your AD, and perferrably a Domain Admin account. The password can be whatever you want, as long as it fits your password domain policy.

2. Goto portal.azure.com -> Storage accounts -> any_of_your_storage_accounts ->containers (create one if you have to) -> upload. Upload the .ps1 file you created in step 1 above.

3. In portal.azure.com -> Virtual Machines -> Your_VM_DC -> Settings -> Extensions -> Add a Custom Script Extension

Browse to the storage container in step 2, point to the .ps1 file created in step 1

Let the deployment run

6. Log onto your DC VM in Azure with the credentials from step 1 above. RESET any or all your domain admin passwords that have that requirement.

7. Uninstall and delete that Custom script extension from step 3 for this VM. Otherwise, every time it boots it will reset the password for this one user.

Delete that .ps1 file from the storage container too!

└ Tags: , , , , , ,
 Comment 

Azure – Import users into cloud via CSV file

by on May 7, 2021 at 01:09
Posted In: IT Blog

There’s a few different methods to import users into your Azure tenant.

  1. In the Azure Active Directory Portal https://aad.portal.azure.com -> Users -> Bulk Operations -> Bulk create
  2. Or you can use a little powershell

This will focus on the powershell method. Mainly because the Azure Portal only requires point and click. Plus, this is way more fun.

The Sample CSV format:

UserPrincipalNameDisplayNameGivenNameSurnamejobTitleMailNickNameObjectIdAccountEnabledAgeGroupCityCompanyNameConsentProvidedForMinorCountryCreationTypeDepartmentFacsimileTelephoneNumberIsCompromisedImmutableIdMobilePasswordPoliciesPasswordProfilePhysicalDeliveryOfficeNamePostalCodePreferredLanguageShowInAddressListStateStreetAddressTelephoneNumberUsageLocationUserStateUserStateChangedOnUserType
nabendun@customdomain.onmicrosoft.comNabendu NahasapeemapetilonNabenduNahasapeemapetilon$null104667339TrueMinorSpringfieldnull United States null856-511-6827    304-960-7231    Guder Lao2810Nepali Illinois43090 Jay Drive314-812-4954US      Member
jimboj@customdomain.onmicrosoft.comJimbo JonesJimboJones$null142259518TrueMinorSpringfieldnull United States null546-298-0636    558-695-5632    Purabaya2810Hebrew Illinois39176 Weeping Birch Court851-166-3492US      Member

And here’s the sample code below.

Make sure before you run to execute connect-azureAD first!

$CSV = Import-Csv C:\path_to_CSV_file.csv -Delimiter ","
 
foreach ($User in $CSV) {
$user.UserPrincipalName
$user.DisplayName
$user.GivenName
$user.Surname
$user.jobTitle
$user.MailNickName
$user.ObjectId
$user.AccountEnabled
$user.AgeGroup
$user.City
$user.CompanyName
$user.ConsentProvidedForMinor
$user.Country
$user.CreationType
$user.Department
$user.FacsimileTelephoneNumber
$user.IsCompromised
$user.ImmutableId
$user.Mobile
$user.PasswordPolicies
$user.PasswordProfile
$user.PhysicalDeliveryOfficeName
$user.PostalCode
$user.PreferredLanguage
$user.ShowInAddressList
$user.State
$user.StreetAddress
$user.TelephoneNumber
$user.UsageLocation
$user.UserState
$user.UserStateChangedOn
$user.UserType

         Set-AzureADUser -ObjectID $user.UserPrincipalName `
         -jobTitle $User.jobtitle `
         -AgeGroup $User.AgeGroup `
         -City $User.City `
         -CompanyName $User.CompanyName `
         -Country $User.Country `
         -Department $User.Department `
         -FacsimileTelephoneNumber $user.FacsimileTelephoneNumber `
         -Mobile $User.Mobile `
         -PhysicalDeliveryOfficeName $user.PhysicalDeliveryOfficeName `
         -Postalcode $user.PostalCode `
         -State $user.state `
         -Streetaddress $user.StreetAddress `
         -TelephoneNumber $user.TelephoneNumber `
         -UsageLocation $user.UsageLocation

        write-output $User
}
└ Tags: , , , , , , ,
 Comment 

Synology DS420+ review

by on January 24, 2021 at 11:00
Posted In: IT Blog
C:\CE496225\37E7B726-D2B5-4491-A22C-B72D069EC170_files\image001.png

 

Introduction

A little over 7 years ago, I purchased a DS413J. It was everything I needed; lots of storage, ample power, and served media in the house suitably well. Fast-forward to 2020, the DS413J is feeling rather aged. The Web UI and 2FA login sometimes takes a little longer than two minutes to fully login. Transfer speeds at 30Mb/s feels unimpressive, and it takes sometimes up to 10 minutes to reboot.

I decided it was time to get into a DS420+. This would serve as my main file/media share while to leverage the CPU, upgradeable RAM and much improved performance.

 

History

Synology mainly deals in networking products. The company started with consumer network storage, and have expanded into IP surveillance, and consumer router hardware. Synology’s network storage is pliable across consumer to SMB all the way to corporate SAN. This is also where they really shine. A NAS – Network Attached Storage runs file shares without the overheard of a running server that consumes space, cooling, network, licensing, and power. Most of the NAS models – the DS series, which I’ll cover below are small, quiet, and very unassuming.

The consumer NAS market is competitive, with names like QNAP, Terra Master, Western Digital, Drobo, and Buffalo to name a few. While I won’t go into each of those name brands, I typically see consumers here in Canada picking between QNAP and Synology.

If you’ve ever wondered about the naming convention of the Synology NAS devices, I’ve broken it down here:

Synology DiskStation naming explained
  • 1 – Leading letters [DS][RS][DX]. DS – Diskstation (the formfactor you see here). RS – RackStation (Rack mounted NAS). DX – Diskstation Expansion, and so on.
  • 2 – The first number(s). Sometime a single digit. This is the maximum amount of internal drives the NAS can house, with expansion units. [ie. A 1812+ = 8 disks in unit, with 10 extra disks from expansion units allowed]
  • 3 – The last 2 digits. Demarks the year released. [DS413J = released in 2013, DS420+ = released in 2020]
  • 4 – The very last character denotes the performance. This does change depending on the market segment. Generally, the most common ones are J= home entry level, Play = media specific functions with some encoding, Plus (+)= performance level, XS = Top tier specifications.

Audience

Who buys a NAS? Who is it meant for? A NAS is meant for anyone with lots of data that needs to be securely and safely stored in a central location. I emphasize ‘central’ because we all know the pain of multiple USB drives. While convenient, they do end up in odd places or sometimes misplaced when you need them.

This is where a NAS steps in. One location for storing all the files, easily accessible by smart devices, and more flexible and cost friendly over cloud storage. A NAS can also stream media; which means you have the option to watch any owned, stored media on your device of choice. And, no streaming service fees either.

The Synology Diskstation Manager also offers a massive menu of different applications; security, webhosting, authentication, and surveillance. For guys like me, there’s Virtual Machine manager, Radius Server, Active Directory integration – the list keeps growing.

Hardware

CPU

Intel Celeron J4025 2-core 2.0GHz, burstable up to 2.9GHz

Memory

2GB DDR4 [expandable to 6GB]

HHD Bays

4 x 3.5″ or 2.5″ SATA HDD/SSD (not included)

2 x M.2 2280 NVMe SSD (not included)

USB

2 x USB 3.0 (front and back)

LAN

2 x 1Gbe RJ-45

AC

100 V to 240 V AC

HD Drive bays are all plastic and screwless. Everything has markings for sliding into the standard 3.5″ HDD pin holes. Included are screws for 2.5″ HDD’s as well. Once the HD’s are in the unit, they’re snug with no vibration. There’s also a Synology Key for each drive bay to lock each independently. The front of the unit has indicator lights for status, each individual drive, and the power button. One USB 3.0 connection in the front, and one USB 3.0 in the back. Sadly, there’s no Esata connection for expanded / backup storage. The double RJ-45 connections can also be used independently, teamed, or for failover.

Network protocols

SMB,AFP,NFS,FTP,WebDAV,CalDAV,iSCSI,Telnet,SSH,SNMP,VPN (PPTP, OpenVPN, L2TP)

File System

-internal: Btrfs, ext4

-external (connected via usb): Btrfs, ext4, ext3, FAT, NTFS, HFS+, exFAT

RAID types

SHR (Synology Hybrid RAID), Basic, JBOD, RAID 0/1/5/6/10

SSD Cache

-read/write cache support

-M.2 NVMe SSD Support

File Sharing Capacity

-Max local user accounts: 2048

-Max local groups: 256

-Max shared folders: 512

-Max concurrent SMB/NFS/AFP/FTP connections: 500

Virtualization

Vmware Vsphere 6.5, Hyper-V, Citrix, OpenStack

Software

Once again, the Disk Station Manager web GUI is flawless. On initial boot you’re asked to install the latest DSM, then format any installed Hard Disks. After it reboots again, it’s off to configure your RAID storage. Interesting note here, the official spec sheet mentions Synology Hybrid RAID (SHR) as an option. On first install with 2 disks, SHR was available.

Volume Creation Wiz rd Configure storage pool property (optional) RAID type: Minimum number of driæs SHR r RAID: Sto g e_ 1 SHR 1 (SHR with only one driæ will able to driæ This is the RAID type for uærs. this type pu to driæs of siæ in the to optimiæ siæ and to data

After installing another 2 disks, SHR was absent? I have a feeling the option was quietly removed to favor disks of the same size to fit industry standards.

Storage Pool Creation Wizard Configure storage pool property Storage pool description (optional): RAID type: Minimum number of drives per RAID: RAID 5 Description: RAID 5 provides fault tolerance and increased RAID 5 can sustain the loss of a single drive. I reconstructed from parity striped across the re performance is severely impacted while a RAID space and cost are more important than perfor Back Main-storage RAID 5 RAID 1 RAID 5 RAID 6 RAID 10 Basic JBOD RAID O hree drives is required. from the failed drive is ad and write D 5 is ideal when Next Cancel

SHR has the ability to protect disks of different sizes. This isn’t a deal breaker to me, but it’s worth noting for someone that’s looking for this functionality. Just to point out, it IS best practice to use disks of all the same size for any sort of RAID configuration.

The Web GUI is incredibly quick and responsive. This largely because of the Intel Celeron J4025 processor and 2GB DDR4 RAM. Even after adding 2Factor authentication, it’s much speedier than my 413J. Creation of shares, installation of new packages, configuring Media services and Video station are easy and intuitive. During my initial burn in period, I mounted some external CIFS shares around my network to copy the data onto this 420+. I was never disappointed, the new DSM even provides an estimated time of completion for large jobs.

Usability

Disk Station Manager (DSM) rocks. Simple as that. Super robust, quick, snappy, it just does everything that regular desktop machine would do, just within the browser. Anything is at your fingertips within DSM. Some of the things I use on a regular basis are Hyper Backup, File station (when I want to do CIFS to CIFS transfers), Synology Drive and Storage Manager.

D isk Performance Task Manager Connected Users Speed Limit Settings Performance Alarm DSM Help CPU Memory Composition Resource Netvm rk Type : 19.2 Volu 367.3 507.8 558.8 Total 4.6 Ga Desktop Click to up nctifiætions. Real utilization 8 Ithy) used 3.31 TE capacity: 7. IE TB O System H It h Healthy Ym_'r S',molcgy NAS Resou«e Monitor CPU

Everything is intuitively set up. I do recommend setting Control Panel to ‘Advanced Mode’. Just in case you want to see things like the indexing service, external devices, Terminal or Privileges icons. All things are very straightforward, and the help menu is surprisingly, well, helpful. Customization of the login screen, desktop background, color theme, even image or icons are available. I’ve enabled 2FA for login, email notifications, quickconnect, media services all just by clicking around menu’s. The interface is simple enough to get you to your location, yet sophisticated and secure enough to give me comfort when I leave the house.

Features

Super Feature packed. I’ve noticed the Plus (+) series of Synology NAS offers much more packages than the plain “J” series. There’s even a beta package section I’ll be trying out soon. Each new feature brings new items to tweak, and more value to the Synology. Just the other day I configured Replication services, and Synology drive, next up will be Directory server.

It really is a dazzling array of programs this little NAS can run. There’s multiple sites that report using this strictly as a 4K Plex Server. I’ve even seen a few startup businesses using some of the bigger + (plus) models for storage and security with IP cameras. These really are customizable to no end, and based on the new up-and-coming Kubernetes images, these could one day replace traditional server technology.

The 420+ also offers an M2 cache buffer. I’m not quite using it yet, perhaps when I try out mail station or get heavier into web development I’ll populate the drives.

This also has an upgradeable RAM slot on the right of the unit to compliment the current 2GB DDR4. I’ve already got a 4GB stick in there – not best practice, I know; it should ideally be a matching 2GB stick. But I had an extra stick that matched the voltage lying around and thought I’d give it a shot. It’s been 3 weeks without any sort of hiccup.

The Android App store also has many of the general items, like file, video, audio, moments and DS cam. I also noticed there’s a Synology Chat icon in there, which I’m sure complies with secure communications between you and some friends. I’ve been using the DS finder since I have 2 NAS’s in the house, and it’s been great looking over the current usage when I run backup jobs or kube containers.

Verdict

Absolutely worth every penny! Speed, security, feature rich, and reliable name brand. Synology is really improving their DSM with every release, DSM 7.0 is already beta testing, which hopefully is a general release within 2020. My only complaint is a missing e-sata connection in the back of the unit. I could use some of the bigger DX expansion series – if I ever could fill that much space! For the price, the included features, the never-ending applications for any sort of business or personal need, this is another near perfect offering from Synology.

└ Tags: , , , ,
 Comment 

How to: Configure a DNS-323 (ALT-F firmware) as an Rsync Target

by on January 23, 2021 at 14:29
Posted In: IT Blog

The last firmware released for the DNS323 was back in 2013. That was quite a while ago, and it wasn’t great. It lacked SMB2, ssh out of the box, and no development of popular applications. I tried Alt-F on a spare DNS323 as a test to see if I could get rsync up and running.

This isn’t meant to be an expansive entry of the pro’s and con’s of this firmware. This is supposed to be a straight forward approach of configuring the DNS323 as a rsync target for backups compatible with synology dsm 6.3.

Let’s not kid ourselves, this device is pretty old. The last time it was sold any where was around 2007. As of this writing that was 14 years ago. The processor is 500MHz, it’s got 64MB of RAM, the max data transfer possible is 10MBps. I do NOT recommend putting any sort of production or super-important data onto this. I’m using this because I love to tinker, and I have an over-abundance of spare harddrives. So please, as interesting as this entry is, if you want something with performance look at a modern NAS and drives with warranty and up to date specifications!

Moving along…

The coles notes version of alt-f installation:

  1. Download the latest alt-f firmware
  2. Log into your DNS323 and apply the alt-f firmware

*I take no responsibility past this point. These instructions are recommendations, and should not be taken verbatim. This is not an official support channel. Take all the necessary precautions to backup your data beforehand.

3. Create a login password, this will also act as your ‘root’ password too.

4. Format your disks. EXT2/EXT3/EXT4 and few others are available.

It’s your choice to stick with a RAID 1/0 or JBOD. I’m using older disks and this is strictly backup for my purposes.

Create the Rsync User

Let’s create an rsync user first.

Setup -> Users

Note the full name is the “windows name”, where the nic name is the “linux login” name. Take particular note of the linux name, this is what the synology needs to initiate a backup.

Machine generated alternative text: Full name Nic-k name user id G roup id Password Again

Create a folder and Share

Now we’ll need to create a share to mount the backup.

Setup -> Folders

Selected: \mnt/sdb2'backu sha View: Tree S Flat O Folder Owner Group Permissions 500Ga dtaödtaö root sda2 root root O db2 root root

Note the mounted drives. I configured mine independently.

  • Sda2 – 500GB drive
  • Sdb2 – 1000GB drive

I gave mine a share name of “backup_share”. Then hit ‘create’.

Once created, change permissions accordingly.

backup_share: Can Read Owner Users in group root Other users Can Write Can Browse Make new files/folders inherit the group ownership O O Apply recursively to sub-folders Applv also to files Submit Back

With the drive folder and permissions set, now configure the share.

Services -> Network -> smb -> Configure

C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image004.png

Create a share based on the folder you created ealier

Folders Browse Selected: ImnVsdb2/backup_share View: T e C) Flat @ Folder: /mnVsdb2/backup_snare hit path component to visit it) Owner Group Permissions
C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image006.png

As a test, make sure you can browse the share from windows explorer

Ie. (\\DNS323\backup_share)

Use the username and password you created above. Make sure you can create files and folders. Notice you can enable SMB1, and SMB2 from this panel. I tried to disable SMB1, but that just made the share disappear from my Windows 10 explorer. Could be a bug they’re working out.

Side Quest – SAMBA module

There’s also an ‘Advanced’ button in Samba Setup. Use the same root password to see the contents.

C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image007.png

This panel is a bit more graphical in presentation. And gives a good representation with the ‘view’ icon of the current shares published. Spend a little time looking around, there could be some tweaks you could find useful in this section.

C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image008.png

Rsync Service Setup

Let’s setup this DNS as the rsync target.

Services -> Network -> inetdS

C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image009.png

Hit ‘configure’ on the rsync service

C:\311C66C5\BFE98FFB-6B27-4F02-B0D2-952CFF370785_files\image010.png

Configure a new folder based on the path and user you created above.

Machine generated alternative text: - Folder Modules Disable Folder Browse Browse Browse Browse Module Name rsynrsyn Comment rsync backup directory Allow Browseable Read Only anybody
  1. It’s easier to use the built-in browser to get to your folder. Otherwise if you know it already you can enter it here. Remember, this is linux, all the directory slashes are ‘/’
  2. The module name is the viewable share name in Windows
  3. Add your comments as necessary
  4. Set permissions for the rsync account created above

Now, let’s validate the folder created above (ie. /mnt/sdb2/backup_share) exists in the rsync configuration folder. We’ll use an SSH client for this. Just regular connection with root@DNS323 works. Goto \etc and more on rsyncd.conf.

The top line should give the location of rsyncd.secrets – a password encrypted file that only rsync users should have access to.

And the bottom portion should provide the recently created directory with permissions for your rsync user. 

PS C:\> ssh root@dns323-2
root@dns323-2's password:
[root@DNS323-2]# cd etc
[root@DNS323-2]# more rsyncd.conf
#Sample contents
secrets file = /etc/rsyncd.secrets
use chroot = yes
read only = yes
dont compress = *
list = yes
...


[rsynrsyn]
        comment = rsync backup directory
        path = /mnt/sdb2/backup_share
        auth users = rsynrsyn
        uid = rsynrsyn
        gid = users
        read only = no

You can tweak this to do things like host allow within a certain subnet. For this, I’m just focusing on getting rsync running.

While you’re in here, have a look at your rsyncd.secrets file. Ideally, this should only give one rsync user with password. Something like 

rsynryn:password

DSM – Setup HyperBackup

Now we can create a backup job and target the DNS323 (with alt-f firmware). Create a new backup job, choose rsync as the file server type.

Backup Destination Please select your backup destination type. Synology folder & LJS-B NAS ice File Server

Settings should be similar to below.

For the backup settings, configure the Server type as ‘rsync-compatible server’, enter in the pertinent details of your DNS323. It should look similar to the screenshot below. For port, just keep the default 873. The Backup module, make sure to use the exact same “Path” from the rsyncd.conf file.

ie. path = /mnt/sdb2/Backup_share

Backup module = /mnt/sdb2/Backup_share

Directory = Backup_directory

And this creates a new directory of whatever name you want.

Backup Wizar Backup Destination Settings Specify the backup destination for this task. backup tuk type: or IP Tænsfer module: Di recto Relink to task dE323-2 Ex;crt shared folder (including an deve

After this you should be able to select items to backup. Set your items, schedule them and make use of the rotational backups (very handy).

Be aware of the speeds, even if you have SMBv2 enabled, the backup jobs are still pretty slow over rsync. Still hovers around 1.2MB/s. So time your backups accordingly, and be aware that DSM Hyperbackup cannot do simultaneous backups.

-Dexter

└ Tags: , , , , , , , ,
1 Comment