Currently looking for opportunities in Taranaki - Contract, Full time or Part time
Open Powershell as an administrator
Run
Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Enum\HID\*\*\Device` Parameters FlipFlopWheel -EA 0 | ForEach-Object { Set-ItemProperty $_.PSPath FlipFlopWheel 1 }
Verify that all mice devices have had their FlipFlopWheel attributes set to 1
Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Enum\HID\*\*\Device` Parameters FlipFlopWheel -EA 0
Reboot
df -h
free -m
top
htop
iftop
iptraf-ng
atop
virt-top
ps aux
virt-manager
tar zxvf
Centos
https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-on-centos-7-rhel-7.html
xrdp is available in EPEL repository, so Install and configure EPEL repository.
yum install epel-release
Use YUM command to install xrdp package on CentOS 7 / RHEL 7.
yum -y install xrdp tigervnc-server
Once xrdp is installed, start the xrdp service using the following command.
systemctl start xrdp
xrdp should now be listening on 3389. You can confirm this by using netstat command.
netstat -antup | grep xrdp
Output:
tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 1508/xrdp
tcp 0 0 127.0.0.1:3350 0.0.0.0:* LISTEN 1507/xrdp-sesman
READ: netstat command not found on CentOS 7 / RHEL 7 – Quick Fix
By default, xrdp service won’t start automatically after a system reboot. Run the following command in the terminal to enable the service at system startup.
systemctl enable xrdp
Configure the firewall to allow RDP connection from external machines. The following command will add the exception for RDP port (3389).
firewall-cmd --permanent --add-port=3389/tcp
firewall-cmd --reload
Configure SELinux
chcon --type=bin_t /usr/sbin/xrdp
chcon --type=bin_t /usr/sbin/xrdp-sesman
If you do not want to use the default desktop environment, you can customize it by creating a .Xclients file (X is capital!!!) in your home directory to launch the desktop environment you want and making it executable. In order to do this, open a terminal and run one of the following commands
echo "gnome-session" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
echo "gnome-fallback" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
echo "startkde" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
echo "mate-session" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
echo "cinnamon" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
echo "startxfce4" > ~/.Xclients
chmod +x ~/.Xclients
sudo systemctl restart xrdp.service
The solution is basically to create the proper file, with the proper file extension and proper syntax to be used so the system recognize fully the authorization rules and does not crash anymore. Based on the documentation founded here, the following .pkla file has been generated. This file tell the PolKit framework that any users can perform actions defined in the colord.xml policy file
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
Save the file as 45-allow-colord.pkla and place it in the following directory (you need admin rights to copy files in this location !!)
/etc/polkit-1/localauthority/50-local.d/
Before trying to connect remotely to your system, ensure that the /var/crash directory is empty. You can delete the content of the directory using the following command
sudo rm /var/crash/*
When done, try to perform a remote connection and if everything works as expected, you should have access to your desktop with no Authentication Required Popups and no system crash popup. Double check that no crash report has been generated while using the new Polkit format file by checking the content of /var/crash directory. It should be empty….
http://c-nergy.be/blog/?p=12043
Use the yum command to install following packages from the command line.
yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation openldap-clients policycoreutils-python
Update the /etc/hosts file and /etc/resolv.conf so that dns name or hostname of AD server gets resolved correctly. In my case AD server hostname is “adserver.example.com“, so place the below line in /etc/hosts file
192.168.0.151 adserver.example.com adserver
Contents of resolv.conf should be something like below. Just replace the domain name and ip address of dns server as per your setup
[root@servera ~]# cat /etc/resolv.conf
search example.com
nameserver 192.168.0.151
[root@servera ~]#
When we install above required packages then realm command will be available. We will use beneath realm command to integrate CentOS 7 or RHEL 7 with AD via the user “tech”. tech is a bind user which have required privileges on AD or we can also administrator user of AD Server for integration purpose.
[root@servera ~]# realm join --user=tech adserver.example.com
Password for tech:
[root@servera ~]#
Now verify whether our server has joined the Windows domain or not. Simply run the command ‘realm list‘
[root@servera ~]# realm list
example.com
type: kerberos
realm-name: EXAMPLE.COM
domain-name: example.com
configured: kerberos-member
server-software: active-directory
client-software: sssd
required-package: oddjob
required-package: oddjob-mkhomedir
required-package: sssd
required-package: adcli
required-package: samba-common-tools
login-formats: %U@example.com
login-policy: allow-realm-logins
[root@servera ~]#
Whenever we run ‘realm join’ command it will automatically configure ‘/etc/sssd/sssd.conf‘ file.
With ‘id‘ command on Linux we can verify the user’s uid and gid and their group information. At this point of time our server is now the part of windows domain. Use below command to verify AD users details.
[root@servera ~]# id linuxtechi@example.com
uid=1997801106(linuxtechi@example.com) gid=1997800513(domain users@example.com) groups=1997800513(domain users@example.com)
[root@servera ~]#
You might have noticed in above command that i have mentioned domain name as well along with user name because this is controlled by ‘/etc/sssd/sssd.conf’ file. If we execute id command without domain name then we will not get any details for user.
[root@servera ~]# id linuxtechi
id: linuxtechi: no such user
[root@servera ~]#
We can change this behavior by editing the file /etc/sssd/sssd.conf.
Change the following parameters from
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
to
use_fully_qualified_names = False
fallback_homedir = /home/%u
Restart the sssd service using following systemctl command
[root@servera ~]# systemctl restart sssd
[root@servera ~]# systemctl daemon-reload
Now run the id command and see whether you are able get AD user details without mentioning domain name
[root@servera ~]# id linuxtechi
uid=1997801106(linuxtechi) gid=1997800513(domain users) groups=1997800513(domain users)
[root@servera ~]#
Let’s try ssh CentOS 7 or RHEL 7 Server with AD credentials
[root@lnxdesktop ~]# ssh linuxtechi@192.168.0.20
linuxtechi@192.168.0.20's password:
Last login: Fri Mar 3 10:18:41 2017 from serverb.example.com
[linuxtechi@servera ~]$ id
uid=1997801106(linuxtechi) gid=1997800513(domain users) groups=1997800513(domain users)
[linuxtechi@servera ~]$ pwd
/home/linuxtechi
[linuxtechi@servera ~]$
In case you want to configure sudo rights for AD users then the best way is to create a group on AD with name sudoers and add Linux/UNIX users in that group and on Linux Server create a file with name “sudoers” under the folder /etc/sudoers.d/
Put the following content in the file.
[root@servera ~]# cat /etc/sudoers.d/sudoers
%sudoers ALL=(ALL) ALL
[root@servera ~]#
In my case I have given all the rights to the users which are part of sudoers group. Once your done with these changes re-login to your server with AD credentials and see whether user is part of sudoers group.
AD-User-Sudoers-Group-Linux
That’s all from this article, Hope you guys got an idea how to join RHEL or CentOS server with Windows Domain. Please share your feedback and valuable comments.
To remove a system from an identity domain, use the realm leave command. The command removes the domain configuration from SSSD and the local system.
# realm leave ad.example.com
By default, the removal is performed as the default administrator. For AD, the administrator account is called Administrator; for IdM, it is called admin. If a different user was used to join to the domain, it might be required to perform the removal as that user. To specify a different user, use the -U option:
# realm leave ad.example.com -U 'AD.EXAMPLE.COM\user'
The command first attempts to connect without credentials, but it prompts for a password if required.
Note that when a client leaves a domain, the computer account is not deleted from the directory; the local client configuration is only removed. If you want to delete the computer account, run the command with the --remove option specified.
EXAMPLES
Got the CentOS7 + SSSD + samba configuration working. Here are the steps and the configuration files. Please note that you will have to substitute your values for the stuff in "<>". The "<>" are not needed. Uppercase when used should be in uppercase.
These are the steps:
NOTE: The configuration file values which worked for me are given after these steps.
1)vi /etc/krb5.conf
2)yum install sssd -y
3)vi /etc/sssd/sssd.conf
4)chmod 0600 /etc/sssd/sssd.conf
5)ktutil (the syntax of this command is explained after these steps)
6)authconfig --enablesssd --enablesssdauth --enablemkhomedir --update
7)systemctl start sssd
8)systemctl enable sssd
9)adcli join
NOTE: Please lookup the syntax of the adcli command. We avoid the realm command as it strips away important configuration from sssd.conf. You may try the realm command and it might work for you.
10)yum install samba -y
11)vi /etc/samba/smb.conf
12)net ads join -U <AD username%Password>
13)systemctl start smb
14)systemctl enable smb
[sssd]
config_file_version = 2
domains = MYDOMAIN.COM
services = nss, pam, pac, ssh
# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM
# Comment out if you prefer to user shortnames.
#use_fully_qualified_names = True
#ldap_idmap_range_size = 2000000000
#ldap_idmap_range_size = 2000000000
[domain/MYDOMAIN.COM]
ad_domain = MYDOMAIN.COM
krb5_realm = MYDOMAIN.COM
cache_credentials = True
id_provider = ad
auth_provider = krb5
krb5_server = SERVER2.MYDOMAIN.COM
krb5_ccachedir = /tmp
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%d/%u
ldap_id_mapping = true
ldap_idmap_default_domain_sid = <sid>
ldap_idmap_autorid_compat = True
ldap_max_id = 2000200000
ldap_idmap_range_size = 2000000000
access_provider = ad
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_keytab_name = FILE:/etc/krb5.keytab
[realms]
MYDOMAIN.COM = {
kdc = SERVER1.MYDOMAIN.COM
admin_server = SERVER1.MYDOMAIN.COM
admin_server = SERVER2.MYDOMAIN.COM
admin_server = SERVER3.MYDOMAIN.COM
admin_server = SERVER4.MYDOMAIN.COM
}
[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM
[global]
workgroup = my
realm = MYDOMAIN.COM
netbios name = <server hostname>
password server = *
server string = Samba Server Version %v
security =ADS
log file = /var/log/samba/log.%m
max log size = 5000
load printers = No
idmap config * : backend = tdb
log level = 4
local master = no
domain master = no
preferred master = no
wins support = no
wins proxy = no
dns proxy = yes
name resolve order = wins bcast host lmhosts
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = <AD username>
path = /home/homes
[homes1]
comment = Home Directories
browseable = no
writable = yes
valid users = @"<AD group@mydomain.com>"
path = /home/homes1
#ktutil
#ktutil: addent -password -p username@ADS.IU.EDU -k 1 -e rc4-hmac
Password for username@ADS.IU.EDU: [enter your password]
#ktutil: wkt /etc/krb5.keytab
#ktutil: quit
https://www.linuxtechi.com/integrate-rhel7-centos7-windows-active-directory/
https://www.centos.org/forums/viewtopic.php?t=52872
In the PowerPC days, we talked about resetting the PRAM. On modern Macs, the real term is resetting the NVRAM. The name refers to special memory sections on your Mac that store data that persists even when the Mac is shut off, such as volume settings and screen resolution.
Resetting that data isn't harmful, but quite frankly it's also rarely genuinely useful. But it can't hurt.
You might need to grow an extra finger or two for this one, or have a friend help you out. Here's how to reset the PRAM/NVRAM on your Mac:
Hold down all of these keys: Command, Option (Alt), P and R, and turn on the Mac (it's the same keys to reset the PRAM).
Keep holding the keys down until you hear the Mac restart again.
Listen for a second reboot, and then release the keys.
In some cases, after performing this step, your Mac will restart normally. In other cases, you might instead see a progress bar on startup. If the progress bar fills up and then the Mac starts up, you're probably good to go. In some cases we've seen, however, the Mac shuts down at around the halfway point in the progress bar.
In some situations, you may need to reset your Mac's SMC (System Management Controller). This is largely a last-ditch attempt to fix the current version of macOS before attempting to recover the data and moving on to reinstalling the OS.
Here's what to do if you want to reset the SMC:
On a Mac laptop:
Shut down the MacBook.
Unplug and then reconnect the power cable.
Press Shift + Ctrl + Option/Alt keys and the power button at the same time.
Now release all those keys and the power button at the same time.
You may see the light on the power cable flicker.
Restart your MacBook.
On a Mac desktop:
Shut down the Mac.
Unplug it.
Press the power button for 5 seconds.
Plug the Mac back in.
Turn on your Mac.
Follow these steps to Safe Boot your Mac:
Start your Mac
Press and hold the Shift key
The Apple logo should appear
When the login window appears release the shift key and log in
You may be required to log in twice if you have FileVault turned on
The most often used way to enter Recovery Mode (on a Mac with an Intel processor) is this:
Click on Apple logo at the top left of the screen.
Select Restart.
Immediately hold down the Command and R keys until you see an Apple logo or spinning globe. You will see the spinning globe if the Mac is trying to start macOS Recovery via the internet because it is unable to start from the built-in recovery system.
Depending on what you want to do with macOS Recovery there are a number of key combinations to use during start up - these options work on an Intel-powered Mac:
Use this if you want to install the latest version of macOS that you had installed on your Mac (it won't install a newer version if you hadn't upgraded). Note that if you're selling or giving away a Mac that is using OS X El Capitan or earlier you should also use Command + R - this will make sure that the installation isn't associated with your Apple ID.
Use this if you want to upgrade to the latest version of macOS that is compatible with your Mac.
This will install the version of macOS that came with your Mac, or the one closest to that version if it isn't available as a download.
This step is actually kind of fun - at least when it's not your Mac that's under the weather. It's fun because it feels so geeky.
Shut the Mac off, and start it up again while holding Cmd + S to launch in Single User Mode. You can release the keys when the intimidating black screen with messages in white text appears.
Wait until the command-line prompt appears, when all the text is done scrolling past. Then type fsck -fy and hit Return. And wait. Possibly for several long minutes.
Eventually, after five different checks that take varying amounts of time, you should get to one of two messages: "The volume [your Mac's name] appears to be OK" or "FILE SYSTEM WAS MODIFIED."
If you encounter the first message, type reboot and press Return.
If you see the latter message, you need to run fsck -fy all over again. You can retype the command and hit Return, or press the Up arrow once and then press Return.
How To Fix a Mac Or MacBook That Won't Turn On Or Boot Up - Macworld UK
How to boot a Mac in Safe Mode - Macworld UK
How To Use Mac Recovery Mode - Macworld UK
Downright Dunne Right: Full/Incremental Backup Cutoff in Windows 7 Backup (codydunne.blogspot.com)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\AutomaticFullBackup]
"Enabled"=dword:00000001
"TimePeriodInDays"=dword:00000007
"OlderFilesSizePercentage"=dword:00000099
Registry key to control enable/disable automatic switching to full backup:
Path: SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\AutomaticFullBackup
Name: Enabled
Type: DWORD
Value: 0 indicates automatic full backup is disabled, non-zero indicates it is enabled
Default if not specified: 1
Registry key to control the time period when backup should automatically switch to full:
Path: SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\AutomaticFullBackup
Name: TimePeriodInDays
Type: DWORD
Value: Count of days
Default if not specified: 365
Registry key to control the % of deleted/missing + older versions of files that determines whether to switch to full backup:
Path: SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\AutomaticFullBackup
Name: OlderFilesSizePercentage
Type: DWORD
Value: Percentage value from 0 to 100
Default if not specified: 50