You are here

netadmin

KDC reply did not match expectations while getting initial credentials

Occasionally one gets reminded of something old.

[root@NAS04256 ~]# kinit adam@example.com
Password for adam@Example.Com: 
kinit: KDC reply did not match expectations while getting initial credentials

Huh.

[root@NAS04256 ~]# kinit adam@EXAMPLE.COM
Password for adam@EXAMPLE.COM:
[root@NAS04256 ~]# 

In some cases the case of the realm name matters.

Unknown Protocol Drops

I've seen this one a few times and it is always momentarily confusing: on an interface on a Cisco router there is a rather high number of "unknown protocol drops". What protocol could that be?! Is it some type of hack attempt? Ambitious if they are shaping there own raw packets onto the wire. But, no, the explanation is the much less exciting, and typical, lazy ape kind of error.

no ip domain-lookup

One of the most annoying features of Cisco's IOS is the assuming that anything you type which is not a command is a hostname. So...

Router#dev
Translating "dev"...domain server (255.255.255.255)
 (255.255.255.255)
Translating "dev"...domain server (255.255.255.255)
....

... and when you are configuring a router which either (a) does not have DNS, (b) is on a network that is down, or (c) is on the workbench and not actually connected to a network - you get to enjoy the long pause of a DNS timeout.

Argh!

Testing A WINS Server

On a CIFS/SMB domain the WINS service is critical for proper function [some things use WINS, some things use DNS, it is terribly confusing, but it is what it is]. DNS is relatively easy to test and you will likely know right away if it isn't working. But before adding those new DCs to your dhcpd.conf file -

option netbios-name-servers 192.168.1.78, 192.168.1.79, 192.168.1.65;

... it would be nice to be equally confident WINS is operating as expected.

Please No 169.254/16

When you bring up at new LINUX OS installation it will typically [at least in the case of CentOS] have a route of 169.254/16 on every interface. These routes are used to support the good and virtuous feature known as "zeroconf". Sometimes however you do not want that route noise - especially if the host is going to be operating as a router or firewall. Fortunately disabling this feature for this specific use-case is easy.

Windows "Uptime"

Windows XP and its brethren lack an uptime command. Yeah, the reason the probably obvious, but sometimes it would be nice to know. A user says they restarted their workstation... but most user's [including recent college graduates] don't know the difference between logging out and restarting. So how to know how long a workstation has been running?

explorer.exe /separate

The runas tool in Microsoft Windows serves the same purpose as the sudo tool on Open [or at least "open"] platforms. With runas you can execute commands in alternative security contexts. Only some tools in Microsoft Windows aren't normal; that is if you attempt to run them via runas.... often times nothing at all happens. One very significant example of this behavior is the Control Panel (control.exe).

Performing LDAP Binds With NTLM

With either a Windows Active Directory server or a Samba4 Active Directory server very little information is exposed for anonymous searches via LDAP. This means every search has to bind. Simple binds are insecure and in many cases not supported - for good reason, they are hopelessly insecure. But often times one doesn't want to bother with Kerberos (even as great as Kerberos is) due to ticket expiration, keytab paths, etc...

Simple NAT With Cisco IOS

Performing NAT with any variety of a LINUX box is possibly one of the most redundantly documented applications on the Web. Attempting to do the same with a Cisco IOS router is not documented in so straight-forward a way.

This little snippet shows the configuration for an IOS router where vLAN 13 is a public network and vLAN 12 is a private network. The router has a public IP address of A.B.C.D [netmask: E.F.G.H] and the gateway address is A.B.C.I. The private network is a 10.0.0.0/8 with multiple /24 segments which all route to this NAT gateway.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer