Andrew Fore

Checking your password expiration date

by

While logging into one of the Linux jump boxes at work today, it occurred to me that while I recently got notified about my password expiration from our Active Directory farm, I had no idea when my Linux password would expire or what the password life was.

To find out this information you can easily use the chage command.

Here is what the output looks like:

[code language=”bash”][user@myserver ~]$ chage -l user
Last password change : Apr 09, 2015
Password expires : Jul 08, 2015
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
[/code]

It may seem like such a simple thing to do, but knowing when your password expires can be a lifesaver on occasion.

Windows Tip of the Week: Find your account password expiration date in an AD environment

by
Image of laptop with hand holding a skeleton key extending outwards through the display.

In many cases your enterprise Active Directory will not involve too many domains, in fact it is quite common for an Active Directory implementation to only include one domain.  In some cases, however, when you have the unfortunate situation of having a username in multliple domains with differing policies on password expiration it is useful to be able to know when your password, or that of another user will expire.  Here is an easy way to accomplish this from the command line.

For the current active user

[code language=”bash”]
net user /domain
[/code]

For a different user

[code language=”bash”]
net user /domain _username_here_
[/code]

Here is an example of the output:

[code language=”bash”]
User name afore
Full Name Andrew Fore
Comment
User’s comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 1/29/2015 4:38:37 PM
Password expires 4/29/2015 4:38:37 PM
Password changeable 1/29/2015 4:38:37 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/18/2015 3:27:55 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *VMWare Admins *Domain Users
*Staff
[/code]

If you notice there is a lot of useful information regarding the user account here, but of particular interest in my situation was the value of Password expires since I was trying to ensure that I got my password reset prior to the policy setting so that I would not find myself locked out over the weekend that I went on call when the Helpdesk would be closed.

Solaris Tip of the Week: a better du experience

by
Graphic showing several nested command line terminal application windows.

In my day job as a Systems Engineer I frequently find myself switching between different UNIX and Linux distributions.  While many of the commands exist on both sides of the aisle, I often find vast differences in the command line parameters that can be consumed by a given command when used in, for example, Linux vs Solaris.

Recently I came upon this again with the need to easily ferret out the majority consumer of drive space on a Solaris 10 system.  While we did have the xpg4 specification support available, the du command was still missing my favorite option “max-depth”.

In Linux I use this to limit the output to only the current directory level so that I don’t have to face to possibility of wading through a tremendously large listing of sub-directories to find the largest directory in the level I am in.  Unfortunately, in Solaris, even with xpg4, the du command doesn’t have this option, so my solution was to pipe the results through egrep and use that to filter out the sub-directories.

Read more

Desktop Google Chrome Reader Mode

by

If you are a Safari user then you are likely used to the “reader mode” which disables all the extra graphical stuff and focuses the view on the content of the article.  Thanks to a tip from Google Plus user Francois Beaufort, here’s how to enable it on the desktop (in Windows at the very least, I haven’t tried in any other OS).

If you’re on desktop, playing with it is as easy as running chrome with the –enable-dom-distiller switch. Once it’s done, you’ll notice a new “Distill page” menu item.

Hopefully this will make it to mainstream with a nice icon.

Creating a firewalld service for Plex Media Server

by

plex_firewalld-4141008I recently rebuilt my Plex Media Server box as a CentOS 7 VM running on Hyper-V on a Windows Server 2012 setup.

When I installed the rpm and started the service I found that I was unable to load the interface on my desktop. I knew that it was running because I installed netstat and I was able to see the port was open for traffic and I was also able to load the interface locally in lynx on the server.

Read more

Starting anew in 2015 – a resolution

by

As the new year broke upon us just over two weeks ago, I found myself wondering what resolutions I should make to improve myself during the next twelve months.  In the past I have made resolutions about inconsequential things like reading more books or taking more photos.  I even tried to participate in a photo a day and managed to make it through two months before giving up.

Read more

Configuring AWStats for subdirectories | arfore dot com

by

AWStats is a great open-source stats analyzation program.

In the process of setting up a replacement webserver at VSU I was investigating the replacement of analog, another nice open-source stats program.

The problem with analog is that the people requesting stats were confused by the technical output. These people aren’t computer folks, they just want to know who or what or when the pages they maintain are being visited.

The default setup of AWStats is fairly easy to accomplish, but if you want to generate separated stats on individual directories off the web root, then it takes a little know how.

In the configuration file for AWStats, there is a section that allows you to limit the processing to a given set of files. Interestingly enough the variable controlling this is called OnlyFiles. The relevant section of the default configuration file is:

# Include in stats, only accesses to URLs that match one of following entries. # For example, if you want AWStats to filter access to keep only stats that # match a particular string, like a particular directory, you can add this # directory name in this parameter. # The opposite parameter of “OnlyFiles” is “SkipFiles”. # Note: Use space between each value. This parameter is or not case sensitive # depending on URLNotCaseSensitive parameter. # Note: You can use regular expression values writing value with REGEX[value]. # Change : Effective for new updates only # Example: “REGEX[marketing_directory] REGEX[office\/.*\.(csv|sxw)$]” # Default: “” #

OnlyFiles=””

What you have to do is to change the value to the regular expression that represents you desired subset. For instance if you wanted to limit the stats generation to the directory foobarbaz then the particular string would be:

OnlyFiles=”REGEX[^\/foobarbaz]”

In order to make this work without keeping you from obtaining stats for the entire site as well you will need to duplicate the master configuration file for awstats and alter the entry as stated above. Make sure the provide a unique name for the config file, such as:

awstats.foobarbaz.conf

Automating VMWare Tools reconfiguration | arfore dot com

by

One of the pains that come with kernel updates in Linux is the necessity to rebuild vendor kernel modules or custom written kernel modules.

As time goes by many vendors are adding support for the Dynamic Kernel Module Support (DKMS) framework.  Recent releases of both the ATI Catalyst and the NVIDIA drivers support DKMS at some level.  VMWare is currently exploring this and you can turn it on (if you have DKMS support installed) however, it is still marked as experimental.

On my production servers we don’t encourage widespread use of experimental features so this has not been enabled with the VMWare Tools installation.  Unfortunately this means that during the patching process it is possible to lose network connectivity due to the need to rebuild the VMWare Tools configuration after a kernel update.

I found one solution to this on the LinuxDynasty site.  The problem with this particular method is that the file that is being checked for “not_configured” only gets written in a small set of circumstances.  In my case, the VM was partially configured, so this file wasn’t written.

Here is my alteration of the solution linked to above.

Update the code in the vmware-tools startup script

In the following file:

Add the following line after the vmblockfusemntpt variable declaration

rebuild_tools=”/etc/vmware-tools/rebuild_needed”

Then add the following line in the end of the start case for the service (around line 1370)

Add the check code to the rc.local startup script

In the file

Add the following to the end of the file

 rkernel=`uname -r`
if [ -e /etc/vmware-tools/rebuild_needed ]; then
echo “vmware-tools not configured for running kernel $rkernel”
echo “running vmware-config-tools.pl”
/usr/bin/vmware-config-tools.pl -d
echo “vmware-tools now compiled for running kernel $rkernel”
echo “restarting vmware-tools”
/etc/init.d/vmware-tools restart
echo “vmware-tools restarted”
echo “restarting networking”
/etc/init.d/network restart
echo “network restarted”
rm /etc/vmware-tools/rebuild_needed
exit 0
fi

Now the next time you reboot your Linux box after updating the kernel, the vmware tools will be properly reconfigured and the appropriate services restarted automatically.

Fixing my Olevia 237-T12 LCD television | arfore dot com

by

So the other night when I got home I found a sad situation.  My LCD television wouldn’t display a picture. The backlight would come on when the power button was pressed (on the tv or the remote), but nothing else was happening.

The first fix I tried was what some forums were calling an EEPROM reset. To do this follow these steps:

  1. Turn on the tv (blue led should go off)
  2. Unplug the tv from the main power
  3. Leave unplugged for 5-10 minutes (varies on exact model)
  4. Turn off the main power supply switch (located next to the power port)
  5. Plug the tv back in to main power
  6. Turn the main switch back on

In my case this procedure elicited no change to the problem, so I continued looking for other answers.  In one forum I found a reference to replacing the backlight, mainboard, or power supply. In my case the backlight was working fine and the power supply was as well.  After looking in the service manual for the 237-T11, I did find that the mainboard was fairly accessible, so if I had to get a new board it wouldn’t be that difficult to replace it.

Before taking the hardware fix route I decided to see if my problem could be resolved by a firmware update.  Olevia helpfully included a USB port on the back panel of the unit to allow for a firmware upgrade.  Since my purchase of the unit in November of 2007 at Target’s Black Friday sale, I had not applied any of the firmware updates.

Unfortunately in 2008, Syntax-Brillian, the manufacturer of the Olevia brand, filed for bankruptcy.  This made getting my hands on the firmware files, update software and instructions a little difficult.  After some diligent research I found a thread on AVSForum that had the files I needed.

The driver files didn’t work properly for my Windows 7 laptop, however they are easily obtained from the Prolific USA website (there are also drivers for Linux and MacOS X).

After following the instructions for updating I powered off the unit, waited a minute or two then powered it back on.  Success!  I was greeted with the familiar white and blue Olevia logo screen.

As an additional backup for the benefit of any other user’s, here are links to the necessary files: