Category: System Administration

April 23, 2020

Oracle Password Expiry – Sandbox Server

Oracle 11g seems to ship with password expiry enabled — which is a very good thing for production systems. I’ve even written some code to maintain our system account password (scripts are grabbing the password from a not-clear-text storage facility anyway, so it wasn’t a big deal to add an n-1 password and move the current stashed password into the n-1 column, change the account password, and stash the updated password in the current password location … now my system ID password is updated by a monthly cron job, no one actually knows the password {although anyone could find it, so I would run the password cycle script when individuals leave the group}). But I’m a lot lazier about this stuff in my sandbox. Proof of concept code has clear text passwords. But the server is bound to localhost & there’s no real data in, well, anything.

I started seeing lines in my error log indicating the password would expire. Aaaand that’s how I learned that password expiry was enabled by default now.

[Sat Apr 18 07:42:59 2020] [error] [client 127.0.0.1] PHP Warning: oci_connect(): OCI_SUCCESS_WITH_INFO: ORA-28002: the password will expire within 7 days in /var/www/vhtml/…/file.php on line 191, referer: …

I’m going to disable password expiry because it’s a sandbox. For a real system, obviously, this may not be a stellar idea.

select USERNAME, ACCOUNT_STATUS, PROFILE from dba_users where USERNAME = 'SampleUser';

USERNAME	ACCOUNT_STATUS	PROFILE
SampleUser	EXPIRED(GRACE)	DEFAULT

Note the account status “EXPIRED(GRACE)” — that’s why I am getting the error shown above. Grab the profile name — it’s a sandbox, so 99% sure it’s going to be ‘DEFAULT’ and alter that profile with an unlimited password expiration:

alter profile <profile_name> limit password_life_time UNLIMITED;

Except that didn’t actually stop the error. Turns out you’ve still got to change the password once the account has been flagged as expired (or let the password expire and then unlock the account … but I was looking at the log because I’m debugging something, and I wanted the error to stop *right now*).

alter user SampleUser identified by N3W_P@s5_w0rD;

April 2, 2020

Spam Filtering

Lately, all of the spam seems to be pitching N95 masks … which is great if you don’t have any legit need to discuss these things. One filter on my Exchange system, and it all disappears.

March 2, 2020

MySQL: Moving Data From One Table To Another

Our OpenHAB persistence data is stored in MySQL. There’s an “items” table which correlates each ItemName string to an ItemID integer. There are then Item#### tables that store persistence data for each item. If you rename an item, this means a new table is created and previous persistence data is no longer associated with the item. For some items, that’s fine — I don’t really care when the office light was on last month. But there’s persistence data that we use over a long term — outdoor temperature, luminance, electrical usage. In these cases, we want to pull the old data into the new table. There’s a quick one-liner SQL command that accomplishes this:

INSERT INTO NewTable SELECT * from OldTable;
e.g. INSERT INTO Item3857 SELECT * FROM Item3854;

You can drop the old table too:

DROP OldTable;

But I run a cleanup script against the item list so often don’t bother to remove tables one-off.

March 1, 2020

MQTT Debugging – Subscribe to Everything

Writing this down because I have to look it up every time we’re testing something with MQTT:

mosquitto_sub -v -h mqttserver.example.com -t +/#

The -v outputs the topic name, -h is the hostname, and -t is a topic filter … the filter +/# is all topics.

February 27, 2020

Adding member to MS Teams without admin rights or Graph API

# To run on Linux, you need the preview mode of AzureAD
# Register-PackageSource -Trusted -ProviderName ‘PowerShellGet’ -Name ‘Posh Test Gallery’ -Location https://www.poshtestgallery.com/api/v2/
# Install-Module -Name AzureAD.Standard.Preview

# Windows, the module is
# Install-Module -Name AzureAD

# I’m lazy and just typed my creds for a proof of concept; real implementation would use the SecureString thing in the connect-azuread. See:
# https://www.rushworth.us/lisa/?p=3294
connect-azuread

# Get the object ID for the group and the user
$objMyGroup = get-azureadgroup -SearchString “LJR Sandbox Team”
$objNewMember = get-azureaduser -searchstring “NewGuy”

# Add the user to the group
add-azureadgroupmember -ObjectID $objMyGroup.ObjectId -RefObjectID $objNewMember.ObjectId

February 3, 2020

Fixing Scott’s Audio

For some reason, the audio on Scott’s Fedora laptop falls over (maybe when coming out of sleep?) The playback device gets set to some ‘dummy’ device and he’s got no sound. Solution — from his user account, run:

systemctl --user restart pulseaudio.service

February 2, 2020

Building Latest flite

I’m writing this down mostly to remember that I have built the latest flite instead of using the version from the Fedora repository.

git clone https://github.com/festvox/flite.git
cd flite
./configure
make

Voila, the compiled binaries for flite are in ./bi

January 14, 2020

Oracle: Listing All Tables from Database Link

To list all of the tables available over a database link:

select owner, table_name from all_tables@LinkName order by table_name;

January 7, 2020

Identifying System-Only AD Attributes

This information is specific to Active Directory. MSDN has documentation for each schema attribute — e.g. CN — which documents if the attribute is “system only” or not.

For an automated process, search at the base cn=schema,cn=configuration,dc=example,dc=com with the filter (&(ldapDisplayName=AttributeName))and return the value of systemOnly. E.G. this shows that operatingSystemServicePack is user writable.

***Searching...
ldap_search_s(ld, "cn=schema,cn=configuration,dc=example,dc=com", 2, "(&(ldapDisplayName=operatingSystemServicePack))", attrList,  0, &msg)
Getting 1 entries:
Dn: CN=Operating-System-Service-Pack,CN=Schema,CN=Configuration,dc=example,dc=com
systemOnly: FALSE;

You can also list all of the system-only attributes by using the filter (&(systemOnly=TRUE)) and returning ldapDisplayName

***Searching...
ldap_search_s(ld, "cn=schema,cn=configuration,dc=example,dc=com", 2, "(&(systemOnly=TRUE))", attrList,  0, &msg)
Getting 189 entries:
Dn: CN=OM-Object-Class,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: oMObjectClass; 

Dn: CN=Canonical-Name,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: canonicalName; 

Dn: CN=Managed-Objects,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: managedObjects; 

Dn: CN=MAPI-ID,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: mAPIID; 

Dn: CN=Mastered-By,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: masteredBy; 

Dn: CN=Top,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: top; 

Dn: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: nTDSDSARO; 

Dn: CN=Application-Process,CN=Schema,CN=Configuration,dc=example,dc=com
lDAPDisplayName: applicationProcess; 
...

January 5, 2020

Asus Router NVRAM Usage

I had a really strange problem with an Asus router — the port forwarding disappeared. And while I could use the UI and put everything back in, it didn’t stick around. Turns out the NVRAM was full — there wasn’t anywhere to put the port forwarding rules (vts_rulelist). Fortunately, there were a few old DHCP reservations I was able to delete and free up some space. For future reference, the following command reports what is using the NVRAM.

nvram show | awk '{print length(), $0 | "sort -n -r"}' | cut -d"=" -f 1