David Westerfield

Gospel. Culture. Technology. Music.

Category: Technology Page 3 of 16

SharePoint 2013 – Adding Additional AD Domains for People Picker

In SharePoint 2010, if you had other domains that you needed to lookup users on in order to give them access to a site, it just worked without having to do any further configuration.

Not so with SharePoint 2013. You must add each domain and sub-domain to each web application to be able to perform user lookups from within the people picker.

So how do you do this? Well, with PowerShell, and fortunately Microsoft has provided a nice script that performs it for you. Otherwise, it would be quite a task.

It’s important to note that you must add the default domain your SharePoint environment is currently setup in. Otherwise, you won’t even be able to do lookups in it! (Found that out the hard way)

Instructions: Open Notepad or your favorite text editor, copy and paste the code below into the file, and save it as a .ps1 file. Open the SharePoint PowerShell command window as an Administrator, and an account with farm level access, change the directory (cd C:\YourDirectory, etc.) to the place you saved the code below (as a .ps1 file), type out .\YourPowerShellScript.ps1 and hit enter.

*I provide this as is, with no guarantees it will resolve your issues. And if you muck up your environment, it’s not my fault. 🙂 Obviously you should perform this on a dev or test environment first before attempting it in production. Good luck!*

Read More

Migrating a Host-Named Site Collection (HNSC)

Since I had to piece together how to accomplish the migration of a host-named site collection (HNSC) I had already setup in SharePoint 2013, from one farm to another, I figured I would outline exactly how to do it. In my case, I needed the HNSC to be in its own content database, I’m targeting a particular web app with the HNSC as opposed to using a wildcard web app to handle the hostnames, and all of this is assuming you have your rights setup to be able to carry out all of this; SQL, SharePoint farm account and otherwise. With that said…

Read More

Using Postfix SASL Authentication with Google 2-step Verification On

For future reference. This came in very handy after I turned on Google 2-step verification. Originally found here: http://passion4high-tech.blogspot.com/2013/03/postfix-sasl-authentication-failed-with.html

————————————–

If you configure your Google account for extra security to use the 2-step verification, then some applications which work outside the browser might not be compatible with 2-step verification and cannot ask for verification codes.

Postfix which was installed and configured to send out emails won’t work anymore, and you might notice error messages in the /var/log/mail.log file.

Something like:

SASL authentication failed; server smtp.gmail.com said: Application-specific password required.

The solution below should fix this issue:

Read More

Redirecting Only The Root URL Within NGINX

For some reason I found this rule to be difficult but finally got it to work thanks to the internets. This is the only rule that worked within the NGINX configuration to get only the root URL to redirect to (in my case) a non-SSL location. Here’s the section:

server {
  (..)
  location / {
    rewrite ^(/)$ http://www.domain.com/ permanent;
  }
}

http://stackoverflow.com/questions/9336261/nginx-rewrite-only-when-root-domain

Optimal NGINX SSL Settings

Recently I embarked on finding the optimal NGINX SSL security settings and stumbled across this post: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

For a number of reasons, it recommends disabling SSLv3 (as a result of its insecurity), settings AES256 as the standard cipher to utilize and a couple of other things that can prevent attacks. Good stuff to tighten up security on an NGINX SSL implementation.

Read More

AT&T Gigapower in West Fort Worth, TX

Update 8/3/2015:

The speed has now been bumped up to 300 mbps up/down; so fast now, I need a new internal router/firewall 🙂

image

——————————————————————-

After events that occurred with AT&T on the technical and customer service sides back when I first moved into my new house, I wasn’t quite sure what to expect with changing over, once again, to new service. However, after all of the frustration and mind-boggling breakdowns in order processing and account bungling from a few months ago, this has been worth the wait.

Read More

ModSecurity and NGINX Compilation Error in Ubuntu

I had a failure recently when trying to compile ModSecurity as a standalone module for use within NGINX that seemed to be pretty consistent with what others were experiencing, from the limited number of sites that seemed to have information on this particular problem. I knew it was possible to set this up, but I also knew I was missing something.

After scanning the internet for a solution and getting some pointers from Ryan Barnett at Trustwave’s SpiderLabs, I finally found what I was looking for to get this to work.

I went through this http://www.modsecurity.org/projects/modsecurity/nginx/ and kept receiving this error:

configure: looking for Apache module support via DSO through APXS
configure: error: couldn’t find APXS

… even after I went through and made sure I had all these prerequisites installed (thanks for pointing me here Ryan): https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Prerequisites.

So then I was stuck, until I just searched why anyone gets this error at all and discovered this: http://knowledge-republic.com/CRM/2981/ubuntu/ubuntu-missing-apxs-fo-compile-apache-module/

In addition to the prerequisites noted in the last link, you must install apache2-prefork-dev instead of, or in addition to, apache2-threaded-dev in order to utilize the APXS extension tool.

Once I did that, I compiled the module successfully and was able to continue on with the rest.

I’m still waiting for an easy-to-add ModSecurity module for NGINX that I can just pull down using apt-get. 😉

Twisted Pair Versus Coax – An Observance with U-verse

Though I haven’t proven this theory out yet I’ve been wondering since it seems to me to be a difference in stability. So my neighbors all around me have U-verse and have had all kinds of issues in which a U-verse tech has had to come out to resolve their issues. I’ve had basically none, with a couple of exceptions (area-wide drops). One neighbor had to have the line at the curb completely dug up and reset, but that was a different issue. When they setup my connection, I asked up front to run twisted pair from the outside to my router/gateway instead of using coax. As I understand it, unless I’m mistaken, the default is to use coax which, sure enough, all my neighbors have. As it pertains to VDSL2+ (the protocol U-verse uses), is twisted pair more stable than coax as a medium for delivery? I’m just curious, because that would be an easy thing to ask for at the beginning. I don’t know that this is the case, but I would be interested to see stats on that. Here are my numbers using twisted pair after 113 days of data/error collection:

Securing Traffic with OpenVPN on Your iPhone or iPad

I’ve been looking at a solution for this for quite some time. Until recently, the only way to make this work was to jailbreak your phone and use GuizmOVPN or some other type of app, which of course voids your warranty. But then along came OpenVPN Connect, an app for the iPhone and the iPad that is extremely simplistic to use (well, relatively speaking for OpenVPN). It works just like any other client side setup for OpenVPN, only you move the certs and config files over through iTunes File Sharing (which is probably the more secure way to do this transaction). This is an absolutely amazing way to secure your traffic to and from an OpenVPN server, from wherever you are, using 3g/4g or Wi-Fi.

  1. Download the OpenVPN Connect app from iTunes on to your iPhone or iPad.
  2. Take a sample client.ovpn file and modify it with your particular settings to connect to your OpenVPN server. Make sure and set the cert and key names to exactly what you’ll be copying over, otherwise it won’t reference the proper files from within the config.
  3. Get your client.crt, client.key, ca.crt, ta.key, and client.ovpn files ready for moving over to your phone. (these file names are just examples)

    certs

  4. Open iTunes with your phone or device connected.
  5. Select the device on the left-hand side.

    device_itunes 

  6. Click the Apps tab at the top.

    apps_itunes

  7. Scroll down to the File Sharing section, select OpenVPN and drag n’ drop your five files (should be five at least) into the OpenVPN Documents window. Once they are moved over, go ahead and do a sync just to make sure everything is good.

    itunes

As long as everything was setup correctly in the client.ovpn file and your certs are all good, you should be able to open your app and add it as a new profile. Once the the new profile is added in the app, you should be able to connect.

ovpn_connect

Note: As an aside, if you want to secure all your traffic to and from the OpenVPN server, make sure and set this parameter before you upload the client.ovpn file: redirect-gateway def1

The downside? It eats battery life like crazy. That all may depend on your encryption level and key size though. 😉 In addition, each time you want to edit the client.ovpn, you have to edit it locally on your computer and re-upload it. But considering the alternative (no VPN, PPTP, or jailbreaking your phone), this is an excellent app.

Page 3 of 16

Powered by WordPress & Theme by Anders Norén