MavEtJu's Distorted View of the World - 2006-11

Posted on 2006-11-22 11:30:53, modified on 2006-11-22 11:37:54
Tags: Printers, DHCP

Just when you think that you can quietly do some overdue network redesign, everybody suddenly wants network printers / scanners hooked up. And of course, these things are dumb++

• Printers which don't understand DHCP relays and lose their IP address every time their lease expires.
• Printers which do understand DHCP, but their installers do not want to use it since they have bad experiences with it.
• Printers which don't understand DNS and demand the IP address of the SMTP server.
• Printers which don't have MacOS/X printer drivers, but understand LPR so Mac users get un-accounted printing facilities (yay!)

Posted on 2006-11-14 14:01:40, modified on 2006-11-14 14:20:18
Tags: Networking, DNS

I was looking for a program to see if an IP address was tagged in one of the spam black lists on the internet. I saw dns/rbllookup, which did the basic stuff.

But boy, it was a little bit outdated. Last update was 2003. It contained a lot of blacklists which were shut down ages ago, and it didn't have a proper configuration file, and it didn't print the TXT records.

Anyway, four hours later and a lot of internal redesign, it now supports

• A configuration file, so you can update it withtout having to play around in the source.
• Faster, it uses Net::DNS bgsend() function.
• Up to date standard RBL list
• And as a free goodie, a convertor from drbcheck: dr. Jørgen Mash's DNS database list checker into a configuration file.

It's faster. The 700 RBLs in the Moensted list are done, with standard options, in 110 seconds, and with 500 requests at once it's handled in 35 seconds.

It is available as dns/rbllookup-ng.

Posted on 2006-11-14 13:52:00, modified on 2006-11-14 13:57:23
Tags: Computers, Samba

I was looking for a way to find out whose accounts were locked out in the Active Directory.

• Get a list of groups an user is a member of:

    [~] root@service>net ads dn 'CN=Edwin Groothuis,CN=Users,DC=barnet,DC=local' memberOf
    Got 1 replies
  
    memberOf: CN=Citrix Microsoft Office,CN=Users,DC=barnet,DC=local

• For the fun, see how many times somebody has logged in:

    [~] root@service>net ads dn 'CN=michael green,CN=Users,DC=barnet,DC=local' logonCount
    Got 1 replies
  
    logonCount: 4281

• The email addresses used on the exchange server:

    [~] root@service>net ads dn 'CN=michael green,CN=Users,DC=barnet,DC=local'  mail
    Got 1 replies
  
    mail: michaelg@xxx.barnet.com.au

• userAccountControl shows some of the account options:

    [~] root@service>net ads dn 'CN=edwin groothuis,CN=Users,DC=barnet,DC=local'  userAccountControl
    Got 1 replies
                                  
    Normal:                                 512   0 0000 0010 0000 0000
    Account is disabled:                    514   0 0000 0010 0000 0010
    Password never expires:               66048   1 0000 0010 0000 0000

• And finally, one website gave a final clue: http://msdn.microsoft.com/msdnmag/issues/05/12/DirectoryServices/default.aspx

    [~] root@service>net ads dn 'CN=edwin groothuis,CN=Users,DC=barnet,DC=local'  lockoutTime
    Got 1 replies
  
    lockoutTime: 128079373162771852

This works for authentication failures, but I don't know if it works for the "Account Expires" lockout.