Creating an anonymous SMB network share

Today I needed to open an SMB share to be accessible from outside the domain, without asking for a password. I followed the instructions on Nikola’s blog and it’s done. Note that Windows is so intuitive that you need written instructions to achieve such a simple task:

  1. Share a folder by opening the folder properties, navigating to the Sharing tab and clicking Advanced Sharing…
  2. Enable sharing and click Permissions
  3. Add Everyone (should already be there), Guest and ANONYMOUS LOGON and give them Read access
  4. Open Group Policy Editor (hit Ctrl+R, type gpedit.msc and hit enter)
  5. Navigate to Computer Configuration → Windows Settings → Security Options
  6. Change following:
    • Accounts: Guest account status – change to Enabled
    • Network access: Let Everyone permissions apply to anonymous users – change to Enabled
    • Network access: Restrict anonymous access to Named Pipes and Shares – change to Disabled
    • Network access: Shares that can be accessed anonymously – enter name of share you created in the text field

This let me access the share \\<MachineName>\Share without providing any login information.
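
To review a machine for the settings changed in step 6, the following added example (not from the original post or from Nikola’s blog) scans a security policy export for them. It assumes the export was produced with `secedit /export /cfg` and converted to UTF-8; the function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Input on stdin: a policy export
# from `secedit /export /cfg`, assumed already converted to UTF-8.

# Prints one line per setting from step 6 that is in its permissive state.
# Returns 1 if any was found, 0 if none.
audit_anonymous_smb() {
    tr -d '\r' | awk -F'=' '
        { key = tolower($1); val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "enableguestaccount" && val == "1" {
            print "Guest account is enabled"; hit = 1 }
        key ~ /\\lsa\\everyoneincludesanonymous$/ && val == "4,1" {
            print "Everyone permissions apply to anonymous users"; hit = 1 }
        key ~ /\\parameters\\restrictnullsessaccess$/ && val == "4,0" {
            print "Anonymous access to named pipes and shares is unrestricted"; hit = 1 }
        key ~ /\\parameters\\nullsessionshares$/ && length(val) > 2 {
            print "Anonymously accessible shares: " substr(val, 3); hit = 1 }
        END { exit hit + 0 }'
}

# Constructed sample: the state the procedure above leaves behind ("Share" is
# a placeholder share name).
sample_open_policy() {
    cat <<'EOF'
[System Access]
EnableGuestAccount = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,Share
EOF
}

# Constructed sample: the same keys at their restrictive values.
sample_restricted_policy() {
    cat <<'EOF'
[System Access]
EnableGuestAccount = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,
EOF
}

sample_open_policy | audit_anonymous_smb || echo "review: host allows anonymous SMB access"
```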

Source: http://nikolar.com/2015/03/10/creating-network-share-with-anonymous-access/


Get NTFS/exfat access on CentOS 6.8 i386

Today I needed to have pen drive support on a CentOS 6.8 i386 box. Here is how I got it:

  1. Getting the NTFS/exfat support
    su
    yum install epel-release
    yum install ntfs-3g
    yum install ntfsprogs ntfsprogs-gnomevfs
    yum -y install epel-release && rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm
    yum update
    yum install fuse-exfat exfat-utils
  2. Actually mounting the device
    fdisk -l
    mount -t exfat /dev/sdb1 /mnt/

Sources:

  1. https://wiki.centos.org/fr/TipsAndTricks/NTFS
  2. https://www.kickass.se/?p=74

Using galleries (or other accesses to ORDER BY FIELD() ) in WordPress over PostgreSQL using PG4WP driver

Issue
Galleries in WordPress 3.6 do not show in a setup over a PostgreSQL database using the PG4WP driver.

Diagnostic
The gallery functionality makes use of the MySQL ORDER BY FIELD() construct, which is not handled by the PG4WP 1.3.1 driver.

Solution
Tweak the driver file ( /path to WordPress install/wp-content/pg4wp/driver_pgsql.php ) to include the following lines:
// ORDER BY FIELD ISSUE -- Vitorio 2015-10
// Rewrites MySQL's FIELD(col, 3, 1, 2) into a CASE expression that PostgreSQL accepts.
// Only integer literals match (\d+), so nothing but digits is copied into the quoted values.
$pattern = '/ FIELD\(\s*([\w.]+\s*)((,\s*\d+)*)\s*\)/i';
if( preg_match($pattern, $sql, $matches))
{
    $name = $matches[1];
    // $matches[2] starts with a comma, so the first element of the split is empty
    $fields = preg_split('/\s*,\s*/', $matches[2]);
    unset($fields[0]);
    $order_by = " CASE ";
    $count = 1;
    foreach($fields as $field)
    {
        $order_by .= "WHEN ".$name."='".$field."' THEN ".$count++." ";
    }
    // Rows whose value is not in the list get the highest rank
    $order_by .= "ELSE ".$count." END";
    $sql = preg_replace( $pattern, $order_by, $sql);
    if( PG4WP_DEBUG)
        error_log( '['.microtime(true)."] Changing $pattern to $order_by in $sql\n", 3, PG4WP_LOG.'pg4wp_SELECT.log');
}

in the pg4wp_rewrite function, inside the
if( 0 === strpos($sql, 'SELECT'))
I put it just before
// UNIX_TIMESTAMP in MYSQL returns an integer
$pattern = '/UNIX_TIMESTAMP\(([^\)]+)\)/';
$sql = preg_replace( $pattern, 'ROUND(DATE_PART(\'epoch\',$1))', $sql);

but the position is arbitrary.

Source: http://stackoverflow.com/questions/1309624/simulating-mysqls-order-by-field-in-postgresql


Regroup linked files inside a Word document (Office 2010/2013)

Problem: I got a Word document (this works with Excel/PowerPoint as well) with linked images instead of embedded ones, and needed to put all of them into the document.

Solution:

  1. Open Word, and go to ‘FILE’ -> ‘Options’
  2. Go to ‘Quick Access Toolbar’ section
  3. Under ‘Choose commands from’ select ‘All Commands’ and select ‘Edit Links to Files’
  4. Click on the ‘Add’ button to add it to the quick access toolbar.
  5. Click ‘OK’ to save the changes
  6. You’ll now find a new icon for ‘Edit Links to Files’ in the quick access toolbar at the top left of Word, click on it.
    The ‘Links’ window will open and will list all the files that are linked to the document.
  7. Select the file(s) you want to unlink and click ‘Break’ and make sure the option ‘Save picture in document’ is ticked.
  8. Click ‘OK’ to save the changes.
  9. That’s all. The file(s) will now be unlinked. It (they) will remain in the Word document as a picture.

PS: In the French version of Microsoft Office, the option is called ‘Modifier les liens d’accès aux fichiers’

Source: https://www.itsupportguides.com/office-2013/word-2013-how-to-remove-links-to-other-files/


Installing wifi access points based on DD-WRT with multiple SSIDs and separated networks

Context: In our LAN, we needed multiple wireless access points serving two different SSIDs: a main one with full access to the private network, and a guest one that is only allowed to reach the Internet. Cheap personal wireless access points do offer a guest SSID, but only if the router is directly connected to the WAN. In our case, the access points will be distributed on the network and connected via the LAN to the main router. So we chose the ASUS RT-AC87U for its good reviews about coverage, performance and stability, and because it natively supports DD-WRT, an open source router firmware that allows many things, including multiple SSIDs and a firewall.

The first part of this article explains how to set up a double (or multiple) SSID on an access point. Then we will see the particularities for a router (need for multiple DHCP servers).

Setup a multiple-SSID Access point

  1. From a fresh install of the DD-WRT firmware, put it into your network on the basic setup tab (IP/subnet/gateway config).
  2. Still on the basic setup tab, disable the DHCP server. As this is an access point, we are assuming that your main network already has a DHCP server or that you don’t want it at all. The “Use DNSMasq for DHCP”, “Use DNSMasq for DNS” and “DHCP-Authoritative” options are ticked but honestly, I don’t know if this changes anything. I am curious to have your feedback in the comments, if you test ticking/unticking those options.
  3. On the Wireless -> Basic setup tab, set up your wireless networks as wanted. The only mandatory option is to get them bridged. There are some tutorials about making guest networks by unbridging the interfaces directly in this tab. This works, but as we get more and more devices with dual-band, each unbridged interface gets ungrouped. So, I prefer dealing with bridges later, in the networking tabs.
  4. On the Wireless -> Wireless Security tab, set up the security wanted.
  5. Come back to Setup -> Networking, create a second bridge br1 and assign to it the interfaces you want to isolate. In my case it’s wl0.1 and wl1.1, corresponding to the wireless virtual interfaces on both bands. In the new bridge, set up a new IP network, like 192.168.3.1 for example.
  6. At the end of the Setup -> Networking page, create a DHCP server for the new network (if you wish to have DHCP).
  7. On the Services -> Services tab, configure DNSMasq as follows:
    interface=br1
    dhcp-option=br1,3,gateway_IP
    dhcp-range=br1,192.168.3.100,192.168.3.150,255.255.255.0,24h
    dhcp-option=br1,6,ns1,ns2

    Where gateway_IP is the IP of the gateway of the network (192.168.3.1 if you followed the same numbering as me), ns1 and ns2 are the name servers you use (internal of your network, provided by your ISP or public ones like Google’s name server 8.8.8.8).

  8. On the Administration -> Commands tab, set up a firewall based on the following model (adapt as you wish):
    #Enable NAT on the WAN (Correct a BUG)
    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
    
    #Restrict br1 from accessing br0
    iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
    
    #Restrict br1 from accessing the router
    iptables -I INPUT -i br1 -m state --state NEW -j DROP
    
    #Allow br1 to access DHCP on the router
    iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
    
    #Allow br1 to access DNS on the router
    iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

    Save by clicking the Save Firewall button.

  9. Reboot your access point and test. You should now have both SSIDs working, with the guest one (configured on br1) having access only to the Internet (if you used AP isolation on Wireless -> Basic Settings). At the very least, it should not see the main network and its devices.

Setup a multiple-SSID router

  1. From a fresh install of the DD-WRT firmware, set up your WAN/LAN network on the basic setup tab (IP/subnet/gateway config).
  2. Still on the basic setup tab, enable the DHCP server. As this is the main router, I’m assuming you want it to be the DHCP server of the main network. Tick the “Use DNSMasq for DHCP”, “Use DNSMasq for DNS” and “DHCP-Authoritative” options.
  3. On the Wireless -> Basic setup tab, set up your wireless networks as wanted. The only mandatory option is to get them bridged. There are some tutorials about making guest networks by unbridging the interfaces directly in this tab. This works, but as we get more and more devices with dual-band, each unbridged interface gets ungrouped. So, I prefer dealing with bridges later, in the networking tabs.
  4. On the Wireless -> Wireless Security tab, set up the security wanted.
  5. Come back to Setup -> Networking, create a second bridge br1 and assign to it the interfaces you want to isolate. In my case it’s wl0.1 and wl1.1, corresponding to the wireless virtual interfaces on both bands. In the new bridge, set up a new IP network, like 192.168.3.1 for example.
  6. At the end of the Setup -> Networking page, create a DHCP server for each network (if you wish to have DHCP).
  7. On the Services -> Services tab, configure DNSMasq as follows:
    dhcp-range=net:br0,range_start_IP,range_end_IP,netmask,24h
    dhcp-option=br0,6, ns1, ns2
    dhcp-range=net:br1,range_start_IP_2,range_end_IP_2,netmask,24h
    dhcp-option=br1,6, ns1, ns2

    Where range_start_IP and range_end_IP are the first and last IP of the DHCP range, netmask is the mask of your subnet and ns1 and ns2 are the name servers you use (internal of your network, provided by your ISP or public ones like Google’s name server 8.8.8.8).

  8. On the Administration -> Commands tab, set up a firewall based on the following model (adapt as you wish):
    #Enable NAT on the WAN (Correct a BUG)
    iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
    
    #Restrict br0 and br1 from accessing each other 
    iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
    iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP
    
    #Restrict br1 from accessing the router 
    iptables -I INPUT -i br1 -m state --state NEW -j DROP
    
    #Allow br1 to access DHCP on the router
    iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT
    
    #Allow br1 to access DNS on the router
    iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

    Save by clicking the Save Firewall button.

  9. Reboot your access point and test. You should now have both SSIDs working, with the guest one (configured on br1) having access only to the Internet (if you used AP isolation on Wireless -> Basic Settings). At the very least, it should not see the main network and its devices.
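
Both firewall scripts (step 8 of the access point setup and of the router setup) add every rule with `-I`, which inserts at the top of the chain, so the ACCEPT rules written last end up above the DROP. The added example below (not part of the original article; function and sample names are hypothetical and the rule dumps are constructed) checks that ordering in a dump in `iptables -S INPUT` format.

```shell
#!/bin/sh
# Added example, not from the article. Reads rules in `iptables -S INPUT`
# format on stdin; assumes the guest bridge is br1 as in the steps above.
# Returns 0 only if the DHCP and DNS ACCEPT rules for the bridge sit above its
# "--state NEW -j DROP" rule: iptables acts on the first rule that matches.
check_guest_input() {
    awk -v br="${1:-br1}" '
        $1 == "-A" && $2 == "INPUT" && index($0, " -i " br " ") {
            n++    # position among the rules bound to the guest bridge
            if (!drop && /--state NEW .*-j DROP$/) drop = n
            if (!pos["udp/67"] && /-p udp .*--dport 67 .*-j ACCEPT$/) pos["udp/67"] = n
            if (!pos["udp/53"] && /-p udp .*--dport 53 .*-j ACCEPT$/) pos["udp/53"] = n
            if (!pos["tcp/53"] && /-p tcp .*--dport 53 .*-j ACCEPT$/) pos["tcp/53"] = n
        }
        END {
            if (!drop) { print "FAIL: no NEW-state DROP on " br; bad = 1 }
            split("udp/67 udp/53 tcp/53", want, " ")
            for (i = 1; i <= 3; i++) {
                w = want[i]; msg = ""
                if (!pos[w]) msg = "no ACCEPT for " w
                else if (drop && pos[w] > drop) msg = w " ACCEPT is shadowed by the DROP"
                if (msg) { print "FAIL: " msg; bad = 1 }
            }
            if (!bad) print "OK: DHCP and DNS ACCEPT rules precede the DROP on " br
            exit bad + 0
        }'
}

# Constructed sample: chain after the script above ran (-I reverses its order).
sample_inserted() {
    cat <<'EOF'
-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -m state --state NEW -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: the same rules appended with -A, so the DROP comes first.
sample_appended() {
    cat <<'EOF'
-A INPUT -i br1 -m state --state NEW -j DROP
-A INPUT -i br1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 53 -j ACCEPT
EOF
}

sample_inserted | check_guest_input br1
```

On a device whose iptables build supports `-S` (an assumption, not something the article states), the live chain can be checked with `iptables -S INPUT | check_guest_input br1`.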

This article shows how to set up two isolated wireless networks, but it’s possible to have more than this. Just set up more virtual wireless interfaces and bridges as needed. Many thanks to the whole DD-WRT team for making all of this possible.


Bug: VirtualBox 4.3.18 and VT-x incapable architecture

Symptom: Your VirtualBox VM is crashing randomly after some hours of work with a Guru Meditation alert box. The VM was stable until 4.3.16. The VBox.log shows incidents like this:
04:10:00.862330 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
04:10:00.862334 !!
04:10:00.862335 !! Guru Meditation -2403 (VERR_TRPM_DONT_PANIC)
04:10:00.862364 !!
04:10:00.862415 !! TRAP=0e ERRCD=0000000000000000 CR2=00000000a004ed08 EIP=8b4b3156 Type=0 cbInstr=ff
04:10:00.862466 !! EIP in VBoxDDGC.gc (8b4ad000) at rva 6156 near symbols:
04:10:00.862470 !! 8b4b2fd0 rva 00005fd0 off 00000186 acpiPMTmrRead
04:10:00.862474 !! 8b4b34f0 rva 000064f0 off -0000039a pitIOPortRead
04:10:00.862591 !! fff8:8b4b3156 8b 50 08 mov edx, dword [eax+008h]
04:10:00.862599 !!
04:10:00.862600 !!
04:10:00.862601 !!

This is a rare bug triggered by VT-x not working correctly. If your hardware is able to do VT-x virtualization, enable it in your BIOS and in the VM configuration and you should get the stability back. If, like me, you are running VirtualBox on a CPU that doesn’t have VT-x technology, you need to turn it off with this command in a CLI (replace <vmname> with the name or UUID of your VM):
VBoxManage modifyvm <vmname> --hwvirtex off

If you don’t know if your computer is able to do VT-x, try this command on a Linux host:

cat /proc/cpuinfo| egrep "vmx|svm"

If the command prints a result, your hardware can do VT-x. Check the BIOS to activate it. It’s also very common that Windows hosts have Hyper-V conflicting with VirtualBox. You can disable Hyper-V without uninstalling it. Start a command prompt with administrator rights and execute the following command:

bcdedit /set hypervisorlaunchtype off

Reboot Windows. Hyper-V is now disabled. If you want to enable it again, run this command:

bcdedit /set hypervisorlaunchtype auto

and reboot again.

Sources: Bug discussion at VirtualBox’s forum
Thread about Hyper-V


rsync error 255

Today I was facing this error in a complex ssh/rsync backup:

rsync error: unexplained error (code 255) at clientserver.c(778)

The origin of this error was, in my case, a problem with the IP address in the “hosts allow” section of the rsync.conf file, resulting in a drop of connection.
