The Consolidated B&EC "Quick Question" Thread.

Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.

  1. obi

    obi Member

    Joined:
    Oct 16, 2004
    Messages:
    127
    How are you doing the redirection? Have you tried the URL rewrite module for IIS?
     
  2. j3ll0

    j3ll0 Member

    Joined:
    Jul 13, 2005
    Messages:
    4,756
    Anyone familiar with Cisco WLC2504s?

    The original installer suggested that I only needed one VLAN & subnet for a Guest SSID.

    Have run up the second guest SSID in another state, and the clients connecting to the guest network get an IP on the first subnet.* Obviously, this ain't gonna route, so I assumed that the LWAP\WLC would tunnel the whole connection back to the WLC, but either my config is broken or I'm wrong about how it should work.

    Any tips regarding what I should be looking for?


    *HO management n\w 10.7.105.0/24
    *HO Guest n\w 10.7.104.0/24
    *Internal routes 10.7.100.0/24-10.7.105.0/24

    *Site 2 management 10.3.105.0/24
    *Internal routes 10.3.101.0/24 -10.3.105.0/24

    *Site 2 wireless guests get address in 10.7.104.0/24 range...
     
  3. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    yea, it's in the re-write module

    requested url matches pattern regex (.*)
    Action type Rewrite
    re-write url http://bla.com/R:1
    append query string ; stop processing

    I've tried using https://bla.com and https://ip.of.bla.com (which fails as it doesn't pass the right hostname)
     
  4. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    I've used Ninite Pro to do what you're after. I had the same problem with trying to specify by OU. I'd happily give you my batch but I don't work at that place any longer, so I don't have access to it. I'm sure Pat will be able to help, as what you want is certainly possible to do without PowerShell, but getting the syntax right can be a fiddle.
     
  5. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,967
    Location:
    Brisbane
    Has anyone seen a document which discusses what restrictions/customisations you can enforce via OneDrive for Business? I would like to get a nice idea of what's available but I've not had any luck with my googling so far.
     
  6. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,531
    Location:
    elsewhere
    That would be great. My first round reply from support pointed me to their help page, which didn't help. Since then I've been swamped with the McAfee uninstall issue, but I think we have that licked now...
     
  7. gords

    gords Oh deer!

    Joined:
    Aug 3, 2001
    Messages:
    6,645
    Location:
    Sydney, Australia
    OK, here it is:
    This:
    will grab all the computers in the domain, but specifying it the above way will grab only the computers in the OU you want.
     
  8. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,746
    Anyone here know the best contact method for getting an Autodesk network license file generated?

    I'm moving the LMTOOLS network license manager software to another server, and I've just realised that the license file is non-transferable, apparently I have to request one be regenerated :confused:
     
  9. KDog

    KDog Member

    Joined:
    Jan 9, 2002
    Messages:
    259
    Location:
    ACT
    Not sure about Autodesk, but for all of our CAD, simulation, engineering and math software I have here it's done:
    1) Through the software itself (which then goes online).
    2) Through your sales support.
    3) Through the online login support/profile/account area.

    Usually the machine license needs the MAC address of the computer, and locks to this. I've had to spoof the MAC address for one bit of software due to us being out of our support contract (requirement for changing machines) and not wanting to renew.
     
  10. fR33z3

    fR33z3 Member

    Joined:
    Jul 16, 2001
    Messages:
    2,164
    Location:
    Perth
    I used 5508s - shouldn't be that much different. Your installer sounds right. Basically it doesn't matter which site your "guest" connects at, they will be connected to the 10.7.104.0/24 guest network. That's how it's supposed to work. If it's not working like that, then troubleshoot. Start off with the AP - is it registered on the controller?
     
  11. cyclobs

    cyclobs Member

    Joined:
    Nov 12, 2010
    Messages:
    561
    Location:
    Wee Waa, NSW
    Hmm internet isn't helping me today.. in IIS8 FTP with custom authorisation providers.. Does the "FTP Authorisation Rules" apply permissions from windows groups even if the users are entirely virtual but assigned to said role?

    I know I can deny read / write to virtual users but I don't know if I can apply ACL permissions with a Windows group of a similar name... I'm not making any sense here :lol:
     
    Last edited: Jun 29, 2015
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,876
    I've not really played with Custom Auth providers for IIS FTP before... If I've needed something that didn't use Windows auth, I'd use a different FTP server. However,

    with your custom auth provider, if you log in as a user, and create a file... and then look at the file in Windows Explorer... who owns the file? Without a bunch of fuckery, the security principal needs to be a Windows account? Is it owned by the IIS user?
     
  13. cyclobs

    cyclobs Member

    Joined:
    Nov 12, 2010
    Messages:
    561
    Location:
    Wee Waa, NSW
    Sadly the only other options I could find for Windows servers didn't have anything I was aiming for. Luckily I managed to get my custom auth modules working :D

    It's owned by "SYSTEM". But the ftproot is also owned by system.. strange
     
  14. heydonms

    heydonms Member

    Joined:
    Sep 15, 2008
    Messages:
    629
    That's how it should work. What is the actual problem you are having? Did you just see the client has an address from the HO range and assume it wouldn't work or have you actually tested it and found that something isn't working?

    If you don't want the site office guests' traffic tunnelled back to head office, then you need to put the site office APs into local switched mode.
     
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,876
    Good to hear :). How would you handle it on other platforms? Things like ProFTPd have windows ports.

    What's the full use case? And why wasn't FTP shot down at the start?
     
  16. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,838
    Location:
    Canberra
  17. person

    person Member

    Joined:
    Mar 7, 2003
    Messages:
    339
    Location:
    Brisbane
    If you got Software Assurance for the windows licences (super expensive for us, but if you do, then lucky you!), then MBAM is supposed to be cool https://technet.microsoft.com/en-us/windows/hh826072.aspx ...

    We run BitLocker on all laptops... backing up the keys etc. to AD same as the article you linked^, but I enabled encryption on each one manually (we have OPAL compliant SSDs as well, I'm wary of using BitLocker on non-compliant SSDs as it can wreck them I hear.... note the Samsungs are OPAL compliant but you must turn on encryption in firmware first), I haven't done anything cool like integrated it with a lite-touch deployment yet (I think you need MBAM for that)....
     
    Last edited: Jun 29, 2015
  18. j3ll0

    j3ll0 Member

    Joined:
    Jul 13, 2005
    Messages:
    4,756
    Thank you kindly to you both, guys.
    Yeah, the LWAP is registering and working fine. I think heydonms has prompted me to supply a bit of the problem that might be salient.

    Yeah, I can see guests acquiring 10.7.104.0/24 range IP, but I don't have a mechanism to test, as we drop everything except for 53, 80 and 443 from that subnet, and I don't have anyone at the other end to test on my behalf.

    However, the site office APs *are* in local switched mode, as they are also servicing an internal WLAN that accesses local (to the remote site) network space. I'll have to check the WLC - I can't remember if the local switched vs central switched checkbox is on the AP or on the WLAN.

    In any case, thanks for your feedback guys, much appreciated.

     
  19. obi

    obi Member

    Joined:
    Oct 16, 2004
    Messages:
    127
    That's pretty much it, just make sure the laptops have TPM enabled and DEFINITELY make sure the keys are being backed up into AD.

    I came into a place that had someone else set it up by enabling BitLocker offsite, with no domain connection. Keys never made it into AD, then the TPM on a laptop chucked a hissyfit. Data lost, etc etc.
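
The check described above (are the BitLocker recovery keys really in AD?), as an added example that is not code from any poster in this thread. It assumes the RSAT ActiveDirectory module, read access to the recovery objects, and a placeholder OU path; the OU name and both function names are hypothetical.

```powershell
# Added example: find domain computers with no BitLocker recovery password
# stored in AD, and re-escrow the key from an affected machine.
# Assumes the RSAT ActiveDirectory module and rights to read
# msFVE-RecoveryInformation objects (restricted by default).
Import-Module ActiveDirectory

# Hypothetical OU; replace with the OU that holds your laptops.
$SearchBase = 'OU=Laptops,DC=example,DC=com'

function Get-BitLockerEscrowStatus {
    param([Parameter(Mandatory)][string]$SearchBase)

    foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase) {
        # Recovery passwords are stored as child objects of the computer account.
        $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                    -Properties whenCreated)

        $latest = $keys | Sort-Object whenCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer     = $computer.Name
            KeysInAD     = $keys.Count
            NewestBackup = $latest.whenCreated   # empty when nothing was escrowed
        }
    }
}

function Backup-LocalRecoveryPassword {
    # Run elevated on the laptop itself while it can reach a domain controller.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $_.KeyProtectorId
        }
}

# Report only the machines that would lose data if their TPM failed today.
Get-BitLockerEscrowStatus -SearchBase $SearchBase |
    Where-Object KeysInAD -eq 0 |
    Sort-Object Computer |
    Format-Table -AutoSize
```

The Group Policy option "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives" blocks the offsite-enablement case described above, because encryption cannot start without a successful backup.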
     
  20. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,838
    Location:
    Canberra
    Batshit crazy and I need to rant, or is Google actually "attacking" a hosting provider from 8.8.8.8? (They've blocked it across their network "at a hardware level".)
     
    Last edited: Jun 30, 2015
