Category: Unix-Linux


How to bind a MAC to a Windows domain:

Third-party Tools:

Nomad    nomad.menu

Centrify   www.centrify.com

Procedures and white papers:

https://www.pluralsight.com/blog/tutorials/join-mac-to-windows-domain

Apple support articles: https://support.apple.com/kb/index?page=search&type=organic&src=support_searchbox_main&locale=en_US&q=active+directory

https://www.jamf.com/jamf-nation/discussions/23175/binding-mac-to-ad-issue

 

Advertisements

Source: http://thehackernews.com/2017/07/windows-10-ubuntu-linux.html

Windows and Linux in the same line? Yes, you heard that right… and that too, on the same computer and within the same operating system.

Two months ago, Microsoft announced its plans to let its users install three different flavours of the Linux operating system – Ubuntu, Fedora, and SUSE – directly through their Windows Store, allowing them to run Windows and Linux apps side-by-side.

Now, downloading an entire operating system has just become as easy as downloading an application with the availability of popular Linux distro ‘Ubuntu’ in the Windows App Store.

However, unlike a conventional Ubuntu installation, this Ubuntu version runs in a sandboxed alongside Windows 10 with limited interaction with the operating system and is focused on running regular command-line utilities like bash or SSH as a standalone installation through an Ubuntu Terminal.

For now, Ubuntu is currently only available to Windows 10 Insiders users and would be made available to the public with the upcoming Windows 10 Fall Creator Update, which is expected to release in September/October 2017.

Here’s How to Install and Run Ubuntu on Windows 10

Users registered in Windows 10 Insiders Program with at least “Build 16215” installed can directly install Ubuntu from the Windows Store, which will allow them to “use Ubuntu Terminal and run Ubuntu command line utilities including bash, ssh, git, apt and many more.”

After installing Ubuntu, Windows 10 users will require enabling “Windows Subsystem for Linux” that was previously added to Windows 10.

How to

http://www.numerama.com/tech/158150-le-shell-bash-sous-windows-10-ce-quil-faut-savoir.html

 

Technet article: https://technet.microsoft.com/en-us/library/cc978014.aspx

” Explanation:

When a requested object exists in the directory but is not present on the contacted domain controller, name resolution depends on that domain controller’s knowledge of how the directory is partitioned. In a partitioned directory, by definition, the entire directory is not always available on any one domain controller.

An LDAP referral is a domain controller’s way of indicating to a client application that it does not have a copy of a requested object (or, more precisely, that it does not hold the section of the directory tree where that object would be, if in fact it exists) and giving the client a location that is more likely to hold the object, which the client uses as the basis for a DNS search for a domain controller. Ideally, referrals always reference a domain controller that indeed holds the object. However, it is possible for the referred-to domain controller to generate yet another referral, although it usually does not take long to discover that the object does not exist and to inform the client. Active Directory returns referrals in accordance with RFC 2251. ”

Atlassian KB article: https://confluence.atlassian.com/confkb/user-lookups-fail-with-partialresultexceptions-due-to-active-directory-follow-referrals-configuration-612959323.html

 

 

Web article:

https://technet.microsoft.com/en-us/library/cc784450(v=ws.10).aspx

 

How to test SSL/TLS:

You can easily see what SSL protocol a server supports (and even grab the certificate from there) example below with openSSL:

openssl s_client -connect myserver.mydomain.local:636 -ssl3
openssl s_client -connect myserver.mydomain.local:636 -tls1
openssl s_client -connect myserver.mydomain.local:636 -tls1_1
openssl s_client -connect myserver.mydomain.local:636 -tls1_2

All those reports successfull connection SSL handshake and present the proper server certificate.

And it is very easy anyway for a client to get supported SSL protocols on a remote server, it is how client <==> server handshake works to
select an agreed protocol supported on both sides.

I suggest you check on application side …

# nmap –script ssl-enum-ciphers -p 636 myserver.mydomain.local

Starting Nmap 6.46 ( http://nmap.org ) at 2017-02-16 18:22 CET
Nmap scan report for myserver.mydomain.local (172.19.133.64)
Host is up (0.025s latency).
PORT STATE SERVICE
636/tcp open ldapssl
| ssl-enum-ciphers:
| SSLv3:
| ciphers:
| TLS_RSA_WITH_3DES_EDE_CBC_SHA – strong
| TLS_RSA_WITH_RC4_128_MD5 – strong
| TLS_RSA_WITH_RC4_128_SHA – strong
| compressors:
| NULL
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA – strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA – strong
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA – strong
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA – strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA – strong
| TLS_RSA_WITH_AES_128_CBC_SHA – strong

 

Suricata IDS: https://suricata-ids.org/

Snort IDS: https://www.snort.org/

Vulnerability mgmt:

https://www.rapid7.com/

https://www.tenable.com/products/nessus-vulnerability-scanner

 

 

 

 

Reference: https://blogs.technet.microsoft.com/askds/2011/07/28/troubleshooting-sid-translation-failures-from-the-obvious-to-the-not-so-obvious/

https://www.microsoft.com/en-US/download/details.aspx?id=53314

How Domain and Forest trusts work: https://technet.microsoft.com/en-us/library/cc757352(v=ws.10).aspx

EMC ISILON SID translation errors: https://community.emc.com/thread/177333?tstart=0

 

Actions to do:

Check Trust relationships

Check Firewall logs and use portqry to test ports required. Also use nltest; netdom command lines.

Check GPO: Network access: Allow anonymous SID/Name translation

and  The following groups have the “Access this Computer from the Network” permission on domain controllers by default:

Administrators
Authenticated Users
Everyone

During the hard exercise to recruit an IT Pros, you are obliged to ask questions, here are links to some Q&A:

http://www.techiebird.com/sendmail.html

https://www.brentozar.com/archive/2009/07/top-10-interview-questions-for-windows-sysadmins/

http://www.01world.in/p/windows.html

http://resources.intenseschool.com/top-interview-questions-for-system-administrators-microsoft/

https://www.toptal.com/sql/interview-questions

https://dwbi.org/database/sql/72-top-20-sql-interview-questions-with-answers

http://www.indiabix.com/technical/sql-server-common-questions/

https://www.linux.com/blog/10-job-interview-questions-linux-system-administrators

http://computernetworkingnotes.com/rhce-interview-questions/linux-interview-questions-for-experienced.html

 

 

Bash on Windows 10:

https://blogs.msdn.microsoft.com/powershell/2016/04/01/bash-for-windows-why-its-awesome-and-what-it-means-for-powershell/

OpenSSH:

https://github.com/PowerShell/Win32-OpenSSH/wiki

https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH

Other videos:

http://www.youtube.com/watch?v=DHAEsUL6rsw

 

List of command line tools used by all network/system administrators:

ping

tracert

psping, tcpview, psexec, autoruns, sysmon (www.microsoft.com/sysinternals)

rpcping

telnet

pathping

fport (www.foundstone.com)

netstat

nslookup

dig   (part of bind package)

portqry

test-netconnection (powershell cmdlet only available for Win 8.1 or greater)