Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.
How are you doing the redirection? Have you tried the URL rewrite module for IIS?
Anyone familiar with Cisco WLC2504s?
The original installer suggested that I only needed one VLAN & subnet for a Guest SSID.
Have run up the second guest SSID in another state, and the clients connecting to the guest network get an IP on the first subnet.* Obviously, this ain't gonna route, so I assumed that the LWAP\WLC would tunnel the whole connection back to the WLC, but either my config is broken or I'm wrong about how it should work.
Any tips regarding what I should be looking for?
*HO management n\w 10.7.105.0/24
*HO Guest n\w 10.7.104.0/24
*Internal routes 10.7.100.0/24-10.7.105.0/24
*Site 2 management 10.3.105.0/24
*Internal routes 10.3.101.0/24 -10.3.105.0./24
*Site 2 wireless guests get address in 10.7.104.0/24 range...
yea, it's in the re-write module
requested url matches pattern regex (.*)
Action type Rewrite
re-write url http://bla.com/R:1
append query string ; stop processing
I've tried using https://bla.com and https://ip.of.bla.com (which fails as it doesn't pass the right hostname)
I've used Ninite Pro to do what you're after. I had the same problem with trying to specify by OU. I'd happily give you my batch but I don't work at that place any longer, so I don't have access to it. I'm sure Pat will be able to help, as what you want is certainly possible to do without PowerShell, but getting the syntax right can be a fiddle.
Has anyone seen a document which discusses what restrictions/customisations you can enforce via onedrive for business? I would like to get a nice idea of what's available but I've not had any luck with my googling so far.
That would be great. My first round reply from support pointed me to their help page which didn't help.. Since then I've been swamped with the mcafee uninstall issue, but I think we have that licked now...
OK, here it is:
will grab all the computers in the domain, but specifying it the above way will grab only the computers in the OU you want.
Anyone here know the best contact method for getting an Autodesk network license file generated?
I'm moving the LMTOOLS network license manager software to another server, and I've just realised that the license file is non-transferable, apparently I have to request one be regenerated
Not sure about Autodesk, but for all of our CAD, dimulation, engineering and math software I have here it's done:
1) Through the software itself (which then goes online).
2) Through your sales support.
3) Through the online login support/profile/account area.
Usally the machine license needs the MAC address of the computer, and locks to this. I've had to spoof the MAC address for one bit of software due to use being out of our support contract (requirement for changing machines) and not wanting to renew.
i used 5508's - shouldn't be that much different. Your installer sounds right. Basically it doesn't matter which site your "guest" connects at, they will be connected to the 10.7.104.0/24 guest network. Thats how its supposed to work. If its not working like that, then troubleshoot. Start off with the AP - is it registered on the controller?
Hmm internet isn't helping me today.. in IIS8 FTP with custom authorisation providers.. Does the "FTP Authorisation Rules" apply permissions from windows groups even if the users are entirely virtual but assigned to said role?
i know i can deny read / write to virtual users but i don't know if i can apply ACL permissions with a windows group of a similar name... I'm not making any sense here
I've not really palyed with Custom Auth providers for IIS FTP before... If I've needed something that didn't use windows auth, I'd use a different FTP server. however,
with your custom auth provider, if you login as a user, and create a file... and then look at the file in Windows Explorer... who owns the file? without a bunch of fuckery, the security principle needs to be a windows account? Is it owned by the IIS user?
Sadly the only other options i could find for windows servers didn't have anything i was aiming for.. Luckly i managed to get my custom auth modules working
It's owned by "SYSTEM". But the ftproot is also owned by system.. strange
That's how it should work. What is the actual problem you are having? Did you just see the client has an address from the HO range and assume it wouldn't work or have you actually tested it and found that something isn't working?
If you don't want the site office guests' traffic tunnelled back to head office, then you need to put the site office APs into local switched mode.
Good to hear . How would you handle it on other platforms? Things like ProFTPd have windows ports.
Whats the full use case? and why wasn't FTP shot down at the start?
Bitlocker, AD Domains, Laptop fleets.
Any quick howto's? Currently looking at this - https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
Server is 2012 R2 Server, 2012 R2 Functional.
Clients are anything we want really - but at least 7. We can go to 8.1u with ease. Hell I could go to 10 if it was released.
If you got Software Assurance for the windows licences (super expensive for us, but if you do, then lucky you!), then MBAM is supposed to be cool https://technet.microsoft.com/en-us/windows/hh826072.aspx ...
We run bitlocker on all laptops... backing up the keys etc. to AD same as the article you linked^, but I enabled encryption on each one manually (we have OPAL compliant SSD's as well, I'm wary of using bitlocker on non-compliant SSD's as it can wreck them I hear.... note the Samsung's are OPAL compliant but you must turn on encryption in firmware first), I haven't done anything cool like integrated it with a lite-touch deployment yet (I think you need MBAM for that)....
Thank you kindly to you both, guys.
Yeah, the LWAP is registering and working fine. I think heydonms has prompted me to supply a bit of the problem that might be salient.
Yeah, I can see guests acquiring 10.7.104.0/24 range IP, but I don't have a mechanism to test, as we drop everything except for 53, 80 and 443 from that subnet, and I don't have anyone at the other end to test on my behalf.
However, the site office APs *are* in local switched mode, as they are also servicing an internal WLAN that accesses local (to the remote site) network space. I'll have to check the WLC - I can't remember of the local switched vs central switch checkbox is on the AP or on the WLAN.
In any case, thanks for your feedback guys, much appreciated.
That's pretty much it, just make sure the laptops have TPM enabled and DEFINITELY make sure the keys are being backed up into AD.
I came into a place that had someone else set it up by enabling BitLocker offsite, with no domain connection. Keys never made it into AD, then the TPM on a laptop chucked a hissyfit. Data lost, etc etc.
batshit crazy and i need to rant or is google actually "attacking" a hosting provider from 18.104.22.168? (they've blocked it across their network "at a hardware level").