MavEtJu's Distorted View of the World - 2006-11

Stupid network printers...
RBL Lookups
Getting Active Directory information with Samba

Back to index

Stupid network printers...

Posted on 2006-11-22 11:30:53, modified on 2006-11-22 11:37:54
Tags: Printers, DHCP

Just when you think that you can quietly do some overdue network redesign, everybody suddenly wants network printers / scanners hooked up. And of course, these things are dumb++

  • Printers which don't understand DHCP relays and lose their IP address every time their lease expires.
  • Printers which do understand DHCP, but their installers do not want to use it since they have bad experiences with it.
  • Printers which don't understand DNS and demand the IP address of the SMTP server.
  • Printers which don't have MacOS/X printer drivers, but understand LPR so Mac users get un-accounted printing facilities (yay!)

No comments | Share on Facebook | Share on Twitter

RBL Lookups

Posted on 2006-11-14 14:01:40, modified on 2006-11-14 14:20:18
Tags: Networking, DNS

I was looking for a program to see if an IP address was tagged in one of the spam black lists on the internet. I saw dns/rbllookup, which did the basic stuff.

But boy, it was a little bit outdated. Last update was 2003. It contained a lot of blacklists which were shut down ages ago, and it didn't have a proper configuration file, and it didn't print the TXT records.

Anyway, four hours later and a lot of internal redesign, it now supports

  • A configuration file, so you can update it withtout having to play around in the source.
  • Faster, it uses Net::DNS bgsend() function.
  • Up to date standard RBL list
  • And as a free goodie, a convertor from drbcheck: dr. Jørgen Mash's DNS database list checker into a configuration file.

It's faster. The 700 RBLs in the Moensted list are done, with standard options, in 110 seconds, and with 500 requests at once it's handled in 35 seconds.

It is available as dns/rbllookup-ng.

No comments | Share on Facebook | Share on Twitter

Getting Active Directory information with Samba

Posted on 2006-11-14 13:52:00, modified on 2006-11-14 13:57:23
Tags: Computers, Samba

I was looking for a way to find out whose accounts were locked out in the Active Directory.

  • Get a list of groups an user is a member of:
      [~] root@service>net ads dn 'CN=Edwin Groothuis,CN=Users,DC=barnet,DC=local' memberOf
      Got 1 replies
      memberOf: CN=Citrix Microsoft Office,CN=Users,DC=barnet,DC=local
  • For the fun, see how many times somebody has logged in:
      [~] root@service>net ads dn 'CN=michael green,CN=Users,DC=barnet,DC=local' logonCount
      Got 1 replies
      logonCount: 4281
  • The email addresses used on the exchange server:
      [~] root@service>net ads dn 'CN=michael green,CN=Users,DC=barnet,DC=local'  mail
      Got 1 replies
  • userAccountControl shows some of the account options:
      [~] root@service>net ads dn 'CN=edwin groothuis,CN=Users,DC=barnet,DC=local'  userAccountControl
      Got 1 replies
      Normal:                                 512   0 0000 0010 0000 0000
      Account is disabled:                    514   0 0000 0010 0000 0010
      Password never expires:               66048   1 0000 0010 0000 0000
  • And finally, one website gave a final clue:
      [~] root@service>net ads dn 'CN=edwin groothuis,CN=Users,DC=barnet,DC=local'  lockoutTime
      Got 1 replies
      lockoutTime: 128079373162771852

This works for authentication failures, but I don't know if it works for the "Account Expires" lockout.

No comments | Share on Facebook | Share on Twitter