Channel: StudioSysAdmins Message Board

Server 2012 DCs vs Samba 3.6

posted by Jean-Francois Panisset on Dec. 18, 2014, 4:40 a.m.
Ran into an interesting issue today: some Windows 7 clients were happy to access a Samba share, others were not. Peering at Samba debug logs showed that the unhappy clients were somehow not passing all of the security group SIDs, and in particular missing the one needed for the permissions on that share. A bit of googling found references to a new feature since Server 2012 called KDC Resource SID Compression, which apparently Samba 3.6 doesn't support correctly (as well as some other third party implementations, for instance I found some references to a similar issue with NetApp OnTap, since patched). And the unhappy clients were the ones bound to a 2012R2 DC.

http://blogs.technet.com/b/askds/archive/2012/09/12/maxtokensize-and-windows-8-and-windows-server-2012.aspx
https://lists.samba.org/archive/samba-technical/2013-March/091301.html

The fix suggested in those articles worked: I disabled the feature on the DCs, and right away the problematic Windows 7 clients started being able to access the Samba share. Only slightly tricky part not mentioned in those articles is that the registry key referred to does not actually exist, you have to create it, and some of the path components are weirdly not CamelCased:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\system\Kdc\Parameters

I figured that Windows 7 clients bound to 2012R2 DCs talking to Samba 3 servers is probably not a unique combo in our types of environments...

JF



Cloud Archive Options

posted by James Bourne on Dec. 21, 2014, 2:50 p.m.
Hi all,

I'm looking for a deep archive solution to cloud. I've been testing Synology's Glacier archive package but it's not so hot.

Anyone using the AWS Storage Gateway? Any other suggestions?

Merry Christmas!

j.

interesting network tech

posted by Julian Firminger on Dec. 22, 2014, 4:30 a.m.
https://www.kickstarter.com/projects/wawtechnologies/luna-little-universal-network-appliance

Can't vouch for it, but I think I want one...

Julian Firminger

Snr. Systems Administrator,
United Broadcast Facilities
Amsterdam, The Netherlands

Physical damage from a breakin

posted by Jean-Francois Panisset on Dec. 22, 2014, 3 p.m.
Apparently someone managed to break in to the control network at a German steel mill and destroy a blast furnace:

http://www.theregister.co.uk/2014/12/22/hackers_pop_german_steel_mill_wreck_furnace/

Shades of stuxnet... Just got Countdown to Zero Day:

http://www.amazon.com/Countdown-Zero-Day-Stuxnet-Digital/dp/077043617X/ref=sr_1_1?ie=UTF8&qid=1419278209&sr=8-1&keywords=countdown+to+zero+day

Next on my reading list.

JF


PCoIP & EULAs

posted by Viet Nguyen on Dec. 22, 2014, 9:20 p.m.
So, I'm having a "hypothetical" issue with a software vendor. I've got users in Vancouver that PCoIP into machines in Los Angeles, with license servers in Los Angeles. Potentially, a vendor might say that by their EULA, if we have users in Vancouver, we have to have not only the license servers, but also the workstations in Vancouver, even if the software and workstations are used solely by users in Vancouver. Otherwise, we have to pay an additional non-trivial fee per license, per year for a multi-country license.

I understand the actual text of the EULA will factor in greatly in a matter like this, but does anyone have general thoughts or perhaps some experience in this matter?

With PCoIP, cloud and other technologies that exist to make physical location irrelevant, existing EULAs can make things a PITA if not worse.

ISO for Windows XP64 bit

posted by Chris Hyman on Dec. 23, 2014, 3:30 a.m.
Hi all,

I need to convert some older Linux systems back to Windows XP64. They have the license stickers on the cases so I am OK for legal licenses, I just don't have any install media. Can anyone help with an ISO I can download and please ping me off list so it's not out there on the web for the rest of the world to grab!

Chris

Useful looking bit of kit.

posted by Jeremy Lang on Dec. 26, 2014, 3 p.m.

But damn it, not nearly worth $350!

Still, being able to use laptop as a portable monitor/keyboard/mouse is brilliant and really shouldn't be this hard to do... Even better if it had Bluetooth to host connectivity and brilliant if it also got a serial port for console situations...

______________
Jeremy M. Lang
it4vfx

OS X Yosemite on Mac Pro 1,1/2 (or any 64 bit OS X)

posted by Greg Whynott on Jan. 5, 2015, 4:10 p.m. (6 days ago)
If you don't care or use Macs, bail now.

The original first few models of Mac Pro (1,1 and 2,1) had 32 bit EFI firmware which prevented you from installing the newer versions of OS X when they dropped the 32 bit kernel. Mountain Lion was the last version which would install on these machines. This is silly of course as the entire machine excluding the EFI firmware is 64 bit capable.

The other day someone offered me one of these machines for the taking. I thought I'd install Linux on it and turn it into a media server for home. Runs quiet enough to put in-behind the TV set and not be annoying.

Anyway - poking around on the net I stumbled upon a guy's web site who has a work around for this, so you can install the 64 bit versions of OS X onto these 32 bit EFI machines, breathing new life into them for some...

http://forums.macrumors.com/showthread.php?t=1740775

The procedure is lengthy and I was debating if it was worth the effort for a media server, then I found a link (on that page) to a dmg file you can download of megadownloads which is ready to go. I copied the contents to a USB stick, popped it in and it installed without issue. Did a system upgrade without issue as well.

And there you have it.. this particular machine is an 8 core 3.0 GHz, with an SSD in for a system drive, it appears -almost- as snappy as my 3.2 GHz i5 iMac which is only a few months old, in the few minutes I have been playing with it. Not bad for a 7 or 8 year old machine.

-g

End User Computing in 3d question

posted by Grant Fraser on Jan. 6, 2015, 2:25 a.m. (5 days ago)
Hi, I run a mailing list for the digital arts industry here in Australia (although we have members from all over). It's mainly artists but I got this posting today and thought it was something you guys might answer??

"I work in Infrastructure and dabble in 3D and found a synergy between the two interests and developed a Turn Key 3D EUC Systems. (End User Computing) You can either access the systems remotely or onsite integrated with your own environment.
So that multiple artists can access the 3D systems remotely. Saving Desktops space, reducing noise levels. etc. As the OS is visualized, it can take advantage of idle time and maximize the investment.
This could be a hosted solution, completely isolated and secure with high speed internet access or via dedicated VPN or in your datacenter or broom closet.
It could be rented out and either use BYO licensing. (Depends on the software vendor) (Linux or Windows inclusive)
It's resilient by design and can scale to 1000s of nodes if required.
Interested to hear feedback and if something like this is already in use by big production houses."

I don't see it working myself but....

-- 
--------------------------------------------
-     Grant Fraser - Sydney Australia      -
-       mailto:grantf@grunt.com.au         -
-        http://www.grunt.com.au           -
-         http://www.dlf.org.au            -
--------------------------------------------



Best practices for allowing users to have custom scripts from a SysAdmin perspective?

posted by Will Rosecrans on Jan. 6, 2015, 12:45 p.m. (5 days ago)
So, I have been wearing my developer hat a bit more than my admin lately, and I am writing an application that has embedded Python for scripting. And I was musing about how best to expose this feature so that users can have custom scripts. Nuke does it by looking for a file called init.py or menu.py in several locations, and running those scripts. If you want to download a cool script off a website, you need to add something in menu.py that loads the user script, and sets up menu entries for it. This is flexible, in that you can have lots of custom logic for adding menu entries, and you could theoretically make ~/.nuke/menu.py be unwriteable by the user, preventing them from doing something stupid. OTOH, when you want to give a script to artists, they can almost never figure out what to do. On the other end of the spectrum, the way my app currently works is that it searches ~/myapp/scripts/*.py at startup and adds an entry in the scripts menu for every .py file it finds. So a user could just copy a script into the right place, and it would "just work." Less need for supporting users to help them add a script. But that doesn't let you have more complicated logic.

So, my question for the SSA hivemind, is if you could have custom user scripts work however you wanted in an app, what would you want that to look like? Are there any particular examples that you wish were more widespread?

Best practices for allowing users to have custom scripts from a SysAdmin perspective?

posted by Rob LaRose on Jan. 6, 2015, 12:50 p.m. (5 days ago)

XSI or AE or one of those used to have a Scripts menu and a User Scripts sub-menu and corresponding directories.  Every script in <scriptdir> or <userscriptdir> showed up on those menus automatically.

That seemed simple to me.. <scriptdir> was systemwide and locked.  <userscriptdir> was editable by the user.  They could put anything they wanted in there.

Rob


rob larose
 | engineer | rock paper scissors | 212-255-6446 | www.rockpaperscissors.com

On Jan 6, 2015, at 12:40 PM, Will Rosecrans <wrosecrans@gmail.com> wrote:

So, I have been wearing my developer hat a bit more than my admin lately, and I am writing an application that has embedded Python for scripting.  And I was musing about how best to expose this feature so that users can have custom scripts.  Nuke does it by looking for a file called init.py or menu.py in several locations, and running those scripts.  If you want to download a cool script off a website, you need to add something in menu.py that loads the user script, and sets up menu entries for it.  This is flexible, in that you can have lots of custom logic for adding menu entries, and you could theoretically make ~/.nuke/menu.py be unwriteable by the user, preventing them from doing something stupid.  OTOH, when you want to give a script to artists, they can almost never figure out what to do.  On the other end of the spectrum, the way my app currently works is that it searches ~/myapp/scripts/*.py at startup and adds an entry in the scripts menu for every .py file it finds.  So a user could just copy a script into the right place, and it would "just work."  Less need for supporting users to help them add a script.  But that doesn't let you have more complicated logic.

So, my question for the SSA hivemind, is if you could have custom user scripts work however you wanted in an app, what would you want that to look like?  Are there any particular examples that you wish were more widespread?
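
The two layouts discussed in this thread (every .py file in a script directory becomes a menu entry, and a locked system-wide directory beside a user-editable one) can be combined with ownership and permission checks at discovery time, as sketched below. This is an added example, not code from any poster or from Nuke, XSI or AE; the function names, the `# menu:` header and the submenu names are assumptions, and it targets POSIX systems.

```python
import os
import stat
import tempfile
from pathlib import Path

MENU_TAG = "# menu:"  # hypothetical header convention (an assumption, not from the thread)


def reject_reason(path, allowed_owners, want_dir=False):
    """Return why a path must not be trusted, or None if it is acceptable."""
    st = os.lstat(path)  # lstat so a symlink cannot point outside the script directory
    kind_ok = stat.S_ISDIR if want_dir else stat.S_ISREG
    if not kind_ok(st.st_mode):
        return "symlink or special file"
    if st.st_uid not in allowed_owners:
        return "unexpected owner"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "writable by group or others"
    return None


def menu_label(path):
    """Read an optional '# menu: Group/Name' header from the first five lines.

    The file is only read as text; nothing is imported or executed at discovery time.
    """
    with open(path, encoding="utf-8", errors="replace") as fh:
        for _, line in zip(range(5), fh):
            if line.startswith(MENU_TAG) and line[len(MENU_TAG):].strip():
                return line[len(MENU_TAG):].strip()
    return Path(path).stem


def discover(roots):
    """roots: ordered list of (submenu, directory, allowed_owner_uids).

    Returns (menu, rejected): menu maps 'submenu/label' to a script path,
    rejected is a list of (path, reason) the application can log or show.
    """
    menu, rejected = {}, []
    for submenu, directory, owners in roots:
        directory = Path(directory)
        if not directory.exists():
            continue
        reason = reject_reason(directory, owners, want_dir=True)
        if reason:
            rejected.append((str(directory), reason))
            continue
        for script in sorted(directory.glob("*.py")):
            reason = reject_reason(script, owners)
            key = submenu + "/" + menu_label(script) if reason is None else None
            if reason is None and key in menu:
                reason = "duplicate menu entry"
            if reason:
                rejected.append((str(script), reason))
            else:
                menu[key] = str(script)
    return menu, rejected


def demo():
    """Run discovery over a constructed sample tree; returns (menu, rejected) with bare file names."""
    me = os.getuid()  # stands in for root (uid 0) as owner of the system-wide directory
    with tempfile.TemporaryDirectory() as tmp:
        system, user = Path(tmp, "scriptdir"), Path(tmp, "userscriptdir")
        samples = [  # constructed sample files: (directory, name, mode, content)
            (system, "render_check.py", 0o644, "# menu: Render/Preflight check\nprint('ok')\n"),
            (user, "cleanup.py", 0o600, "print('cleanup')\n"),
            (user, "shared.py", 0o666, "print('anyone can edit me')\n"),
        ]
        for d in (system, user):
            d.mkdir()
            os.chmod(d, 0o755)
        for d, name, mode, text in samples:
            (d / name).write_text(text)
            os.chmod(d / name, mode)
        os.symlink(system / "render_check.py", user / "link.py")
        menu, rejected = discover([("Scripts", system, {me}), ("User Scripts", user, {me})])
        return ({k: Path(v).name for k, v in menu.items()},
                [(Path(p).name, why) for p, why in rejected])


if __name__ == "__main__":
    print(demo())
```

In a deployment the system-wide root would list uid 0 (or a dedicated tools account) as its only allowed owner, and the rejected list would be surfaced to the user so a skipped script is not a silent failure.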

Finally a reason to play Doom at work

ThunderStrike Mac hardware vulnerability

posted by Jean-Francois Panisset on Jan. 8, 2015, 6:15 p.m. (3 days ago)
Of course "once you have physical access all bets are off", but you have to admire this guy's persistence.

JF


NAT-T Woes

posted by Jack Greene on Jan. 9, 2015, 3:25 p.m. (2 days ago)
Pulling my hair out and was hoping someone here might recognize the challenge. We have a customer with 2 ISPs and they want to create a failover VPN solution to us. In our ASA 5550, we've been able to create tunnel connections using both the primary and secondary IPs. It seems the packets are getting dropped in NAT when the second connection is active. I've run a packet capture and can see packets being received by the inside interface, but no packets on the outside interface. Naturally there is no activity on the other side. When the primary IP is up, everything works as planned. Posting here to see if anyone has an idea what I'm overlooking.

tunnel-group CLIENT_PRIMARY_IP type ipsec-l2l
tunnel-group CLIENT_PRIMARY_IP general-attributes
 default-group-policy GroupPolicy_CLIENT_PRIMARY_IP
tunnel-group CLIENT_PRIMARY_IP ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group CLIENT_SECONDARY_IP type ipsec-l2l
tunnel-group CLIENT_SECONDARY_IP general-attributes
 default-group-policy GroupPolicy_CLIENT_PRIMARY_IP
tunnel-group CLIENT_SECONDARY_IP ipsec-attributes
 ikev1 pre-shared-key *****

crypto map outside_map 10 match address outside_cryptomap_2
crypto map outside_map 10 set pfs
crypto map outside_map 10 set peer CLIENT_PRIMARY_IP CLIENT_SECONDARY_IP
crypto map outside_map 10 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 10 set security-association lifetime kilobytes unlimited

group-policy GroupPolicy_CLIENT_PRIMARY_IP internal
group-policy GroupPolicy_CLIENT_PRIMARY_IP attributes
 vpn-idle-timeout none
 vpn-filter value client_acl
 vpn-tunnel-protocol ikev1

access-list outside_cryptomap_2 extended permit ip object-group A_LOCAL_NETWORK object DEST_NETWORK_OBJ
access-list client_acl extended permit icmp object-group A_DEST_NETWORK any
access-list client_acl extended permit tcp object-group A_DEST_NETWORK object LOCAL_SERVER_DMZ3

nat (DMZ3,outside) source static A_LOCAL_NETWORK A_LOCAL_NETWORK destination static A_DEST_NETWORK A_DEST_NETWORK no-proxy-arp route-lookup

I've tried with and without the route-lookup/no-proxy-arp attributes.

Thanks in advance,
Jack

Alienvault

posted by Jeremy Mullis on Jan. 12, 2015, 11:15 a.m. (2 days ago)
Is anyone using AlienVault? Looking for feedback on issues/problems, and is it worth the cost versus OSSIM?

Thank you in advance.

Jeremy


skeleton-key-malware windows AD

Custom NAS for sale

posted by Michael Oliver on Jan. 13, 2015, 6:20 p.m. (1 day ago)
Looking to offload some storage. Everything is fine with the system but we do not currently have a use for it. Was being used as an iSCSI target. Happy to shoot over more detailed hwinfo for anyone interested (SMART stats, lspci -vv, hdparm -I, etc.).

Price of the storage unit in July 2013: $18,000
Willing to entertain any reasonable offer.

Custom enclosure by 45 Drives. http://www.45drives.com.
#################
Motherboard: Supermicro X9SCL/X9SCM
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Memory: 4 x 4GB Kingston 4GB PC3-10600 DDR3-1333MHz ECC Unbuffered
SATA port expander cards: Syba SY-PX40008
10GBASE-T copper NIC (Intel X540-AT2) (2 ports)

2 x 128GB SSD Boot drives (SanDisk SDSSDP128G)
40 x 4TB/7200RPM/6Gbps (Hitachi HDS724040ALE640)
2+1 Power supplies (redundant)
4U enclosure


Also have the head unit for the iSCSI target available if you need the combo (Dell 1U E5-2407/32GB RAM/10Gb NIC (dual port)). Let me know and we can figure something out.


--
Michael Oliver
mcoliver@gmail.com
858.336.1438

Isilon OneFS 7.? upgrade

posted by Julian Firminger on Jan. 14, 2015, 8:55 a.m. (1 day ago)
Happy new year my lovelies.

As some of you would know, OneFS 7.0.x has its head on the chopping block. Thus I ask you all, should I be heading for 7.1 or 7.2?

I've heard a bit of anecdotal chatter about 7.2 perhaps not being a great move unless you're predominantly NFS, and we are not (about 90% SMB). Is this still true? Anyone had any direct experience with either/both paths?

Julian Firminger

Snr. Systems Administrator,
United Broadcast Facilities
Amsterdam, The Netherlands

Welcome to 2015

posted by John Hickson on Jan. 14, 2015, 10:16 a.m. (1 day ago)

Happy New Year Everyone!!!

Sorry for the two week delay, but it has been very busy already this year.

Over the past year we deleted over 700 accounts from our database. Accounts that were inactive and that had an e-mail account that bounced.
People change jobs all the time so we expect that to happen and we continue to prune if people neglect to update their accounts.

As of last night we have surpassed that number and reached a total of  2001 members!
That means we had more than 2 people joining StudioSysAdmins every day for the past year on average!

Forum postings are way up - we continue to have great group discussions all the time.

Job postings are up as well - Since Nov 2013 - there have been 275 postings! WOW!

 

This year we are going to try to focus on getting the cities with meetings to meet more regularly, getting attendance up, and adding more cities to allow more people to get involved. Our New York meeting coordinator (Dan Youn) has moved to the Bay Area - more meetings there, but we need a volunteer to take over things in New York. Also, Ben De Luca has moved from London to Singapore. Luckily Willem Koopman and Peter Smith are taking over in London. Lastly, thanks to Kim Pearce for taking over in Sydney.

Please let me know if you would like to help out with meetings in your area! We always welcome the help :)

 

Thanks to everyone for your continued support;
John Hickson

oh.. I think I fixed the anonymous e-mails from the website as well..

 

 


Yosemite / BlueArc / SMB2.1 SMB3 kernel panics?

posted by Jean-Francois Panisset on Jan. 14, 2015, 2 p.m. (1 day ago)
Is anyone else running into kernel panics on Macs running 10.10.1 talking SMB 2.1 or 3.0 to a BlueArc (running 11.3.3450.10 or .12)?

We used to get kernel panics in 10.9 running SMB 2.1, and were hoping that 10.10 would make things better, but clearly they haven't. Typical kernel crash dump stack trace:

Backtrace continues...
Kernel Extensions in backtrace:
com.apple.filesystems.smbfs(3.0)[5B6D27A4-5EF7-3C70-A440-0CE3ACC0DB1B]@0xffffff7f89e4a000->0xffffff7f89ea9fff
dependency: com.apple.kec.corecrypto(1.0)[0CB1D8BD-9EB7-3A02-8274-BCBB852B55B4]@0xffffff7f89da9000
dependency: com.apple.kext.triggers(1.0)[F2C2AFAA-0893-3FCF-84C6-09DBAC878952]@0xffffff7f89e45000

HDS says "we've never heard anyone else report this", so if someone else on this list is running into this, please report it to HDS so we can get some traction on getting this resolved?

Most likely the problem is on the OS X side (in theory, nothing the server returns should be able to cause a kernel panic), but I suspect that we may have more leverage with HDS?

JF

