ADPassword Manager Plus with Duo MFA

To facilitate password changes for your Active Directory accounts, HCC provides the ADPasswordManager Plus server. Once a user has enrolled on this server, they may easily change their password, even if the password has been forgotten. Locked accounts can also be unlocked, and each user can edit some of the user information stored with their account in Active Directory. To ensure changes are made by you, you will need to authenticate to the service using Duo.

To log in to the server, visit https://password.hccanet.org. Note: you must enter https:// before the address. Once at the site you will see three options, each selectable by clicking. First is the sign-in area. Below that are “Forgot your password?” and “Account locked down?” These last two will be covered later in this article.

To log in, enter your domain username and your password, then click “Login”. You do not need to enter the domain or your full User Principal Name.

If you’ve entered the correct information, you will be shown the Duo Security Multi-Factor Authentication enrollment screen. Click “Start Setup” to begin.

Verify that “Mobile phone” is selected and then click “Continue”.

Enter your mobile phone number and then tick the box to verify you entered it properly. Next click “Continue”.

Click “Text Me” and the system will send your mobile phone a message with a six-digit code. Enter the code in the blank and click “Verify”. Next, click “Continue”.

On this screen you can click the drop-down and choose your default authentication method. I’ve chosen the “Automatically send this device a Duo Push”. This means any time I authenticate to this server, a push will automatically happen without being forced to make a choice.

Once you’ve made your choice, click “Save” and then click “Continue to Login”.

If Duo is synchronized with our Active Directory, you should see the screen below. Just click “Click here” to continue with your enrollment.

If you see a warning similar to the one below, you will need to contact IT. The most likely error indicates that you are not authorized or allowed to use this application. This can occur if you are a new user attempting your enrollment before the Duo administration system has synchronized with our Active Directory.

If you have previously enrolled your account and mobile device in the Duo Multi-Factor Authentication system, you will skip directly to the typical authentication prompt. When you’ve approved the push, you will continue with the setup.

To complete your enrollment in the password server, click “Click here”.

Next, you will select three security questions from a list and provide answers to each. You may never need to use these, but you should try to pick questions and answers that cannot be easily retrieved from any social media with which you may engage. Obviously, you will want to remember your answers. Click “Next” to continue.

If all your entries are satisfactory, you’ll see the green shaded successfully enrolled message as below.

If the purpose of your visit to the server is to change your password, once you’ve completed your enrollment you can click the “Change Password” tab at the top of the window. You will need to provide your current password and your new password. The complexity requirements are listed below. In the example provided, I’ve entered a new password of only 9 characters and clicked the blue “Change Password” button.

Since my new password did not meet the required length of 10 characters, an error message was generated. You will see something similar if you fail to meet any of the complexity requirements. To try again, click the “Close” button.

In this example, I’ve entered 10 characters, as required. This time when I clicked the blue “Change Password” button I received a notice that the password change was successful.

After the successful change of passwords you can click “Close”. If you wish, you can click the “Profile” tab at the top of your screen. This will allow you to see the information that is pulled from Active Directory to the password server. If you see any problem, you can click the “Edit” button. Note that your mobile phone number is a required field.

Once you’ve made the appropriate changes to your info, scroll to the bottom of the screen and click the “Update” button.

At any time and from any screen you can log out of the password server by clicking the down arrow in the upper right hand corner of the screen. Click “Sign Out” to leave the system.

Besides changing your known password, from the initial login screen you can also choose to reset a forgotten password. Click “Forgot your password?” to do this.

Before you can reset a forgotten password, you must enter your username and the “Captcha” verification information. Click “Continue” to move to the next step.

Next, you will be required to provide the answers to your security questions you selected during enrollment. Once you’ve entered the answers and the Captcha info, clicking “Continue” will take you to the password change screens shown earlier in the article. Notice the timer in the upper right of the screen. You must provide your answers before the timer expires.

If you’ve entered the wrong password multiple times, your account may become automatically locked. This would prevent you from accessing any domain functions. From the login screen of the ADPasswordManager Plus server, you can choose the option “Account locked down?”

Once again you’ll need to provide your login name and the Captcha info to make the change. Once entered, click “Continue”.

To unlock your account you will need to provide answers to your security questions, just as in the example above. Once you’ve entered your info and Captcha data, you will get the opportunity to unlock your account.

Edit Listserv Aliases

Open Putty and create a new profile for the LISTSERV server by entering its IP address and name the session to be saved as Listserv. You can save the profile now. We will save it again when it is complete.

Aliases01

Click “Session” at the top of the left pane. Next, click “Auth” under “SSH”. Browse to the ppk file on the network. This file contains the key pair used for all Linux SSH sessions for AWS Linux virtual servers.

Aliases02

Click Session again and be sure your Listserv profile is listed in the Saved Sessions box. Next click “Save”. If you do not save the session you will not be able to use it in the future. To connect to the server, click “Open”.

Aliases03

If this is your first time to connect to this server, you will get an alert telling you the host key is not cached in the registry of your system. Click “Yes” to add it to your system and continue.

Aliases04

Login as “ec2-user”. This is the login for all AWS Linux SSH sessions. Next you’ll be prompted for the passphrase protecting the key. Enter the passphrase to finish the login.

Aliases05

Once logged in, you see the default Amazon Linux 2 splash screen.

Aliases06

Ec2-user is a non-privileged account. The password to the root account is unknown. You will need to use sudo to issue commands as root.

Line one below loads the aliases file into the vi editor. Add the new lines to the bottom of the file. Typing a lowercase o will open a new line. Then you can paste the two lines required for each new Listserv created, using the format of lines 2 and 3 below. Replace the word “itdiscuss” with the name of the new list in both lines; in total, there will be four occurrences. Press the Esc key, then type :wq and press Enter to save the file and exit the editor.

sudo vi /etc/aliases

itdiscuss: "|/usr/local/bin/lsv_amin /home/listserv/spool itdiscuss"

owner-itdiscuss: "|/usr/local/bin/lsv_amin /home/listserv/spool owner-itdiscuss"

Next, the changes must be converted to a file usable by the sendmail server. Do that by entering the line below.

sudo newaliases

The last step is to restart the sendmail mail server on the box. Use the below command to make that happen.

sudo systemctl restart sendmail

Aliases07
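The same alias edit, scripted as an added example rather than the procedure's own commands: the list name is validated before it is spliced into the lsv_amin command line that sendmail will execute, and a list that already has an alias is refused rather than duplicated. The aliases file path is a parameter (defaulting to /etc/aliases) so the function can be tried against a copy first; apply_aliases wraps the newaliases and sendmail restart steps above.

```shell
#!/bin/sh
# Added example: append the two Listserv aliases for a new list and rebuild
# the sendmail alias database. Mirrors the manual vi/newaliases/systemctl steps.

# add_list_aliases LISTNAME [ALIASES_FILE]
# Appends "LISTNAME:" and "owner-LISTNAME:" entries in the lsv_amin format.
# The alias value is a command that sendmail executes, so the list name is
# restricted to [a-z0-9_-] before it is written into that command line.
add_list_aliases() {
    list=$1
    aliases=${2:-/etc/aliases}

    case $list in
        ''|*[!a-z0-9_-]*)
            echo "refusing: list name '$list' must match [a-z0-9_-]+" >&2
            return 1 ;;
    esac

    # Refuse to add a second copy: with duplicate aliases, which entry wins
    # depends on newaliases, not on you.
    if grep -qE "^(owner-)?$list:" "$aliases" 2>/dev/null; then
        echo "refusing: '$list' already has an alias in $aliases" >&2
        return 1
    fi

    printf '%s: "|/usr/local/bin/lsv_amin /home/listserv/spool %s"\n' "$list" "$list" >> "$aliases"
    printf 'owner-%s: "|/usr/local/bin/lsv_amin /home/listserv/spool owner-%s"\n' "$list" "$list" >> "$aliases"
}

# apply_aliases: rebuild the alias database and restart sendmail, the two
# commands from the procedure; run on the Listserv host as ec2-user with sudo.
apply_aliases() {
    sudo newaliases && sudo systemctl restart sendmail
}

# Typical use on the server (not executed when the file is merely sourced):
#   add_list_aliases itdiscuss && apply_aliases
```

Run it with `sh -c '. ./aliases.sh; add_list_aliases itdiscuss /tmp/aliases.copy'` first and diff the copy against /etc/aliases; the sudo steps are only needed for the real file.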

You can close your SSH session by typing “exit” and pressing enter. Then type “logout” and press enter to close your Putty window.

WebEx For Desktop Support

Cisco’s Webex provides a very nice desktop client that allows hosting meetings and sessions from our personal rooms. This works very well for sharing content and supporting web applications. It is easy to right click the desktop and ask for permission to control. However, if you need to type anything in an elevated command prompt or run anything that requires administrative approval, you are completely out of luck. Not only will you be prevented from entering data, you will also be prevented from clicking away from the protected item to do anything else. You are essentially locked in a digital prison and only the end user can free you by cancelling or clicking away from the protected action.

I knew there had to be a better way to help users. After all, I had been helped many times by vendors using Webex who were not hindered in this way. After some research and experimentation, I’m happy to report that we can easily use Webex support sessions to provide excellent administrative support for end users’ desktops.

The secret sauce to this is using the web based login to our Webex server. You cannot launch this type of session from the desktop client, or at least I’ve not yet found a way.

To get started, browse to https://hcc.webex.com and log in with your account. Once logged in, click “Webex Support” in the lower left hand corner of the screen. This did not seem intuitive to me; it felt like I was asking for support. Later I realized that someone else on our staff might use the same link specifically because they were providing support. It appears to swing both ways.

figure 1

A list of support options will appear on the left side of your Webex screen.

figure 2

From the support page, if the “Provide Support” area is not already expanded, click the arrow just to the left to expand options.

Next, click “Start Session”. This will launch the “Customer Service Representative Dashboard”, aka CSR Dashboard. The dashboard consists of one or more blocks of controls that can be collapsed, expanded and moved from one place on your desktop to another.

If you have any difficulty getting the CSR Dashboard launched, you can click on the “Downloads” link. From here you can download the dashboard bits for your operating system.

When the session is started, the CSR dashboard appears in the lower right hand of your screen. By default, two collapsible panels are open, the Invite panel and the Participants panel. You can enter an email for your customer and if “Send using my own email program” is ticked, an email will open with the link info required. Just send the email. Alternatively, if you are communicating with the client via an instant messaging app, just click the “Copy Link” button and paste the link to the chat window.

figure 3

Once your client has accepted the invitation and joined the meeting, their name will appear in the “Participants” panel. You can then click the circled button in the dashboard to “Request Control” of the user’s desktop. Notice that for the image below, I do not actually have a user connected and that is why the various options are shown in gray. When the user connects, the options will be visible and clickable.

figure 4

In figure five below, you can see how a connected customer appears in the dashboard. For reference, notice the “opening door” icon with the red arrow near the right hand side. Clicking that icon will end your support session. You’ll be given an opportunity to enter notes about the support case before it closes completely.

figure 5

Not only can you request control, but you can also choose the more restrictive, “Request View” option. You can do the same for specific applications. Co-browsing is available where you can easily switch sides with the client, where they can perform some action on your computer. File and multimedia options are also included.

figure 6

Sometimes you may need more access to the system than the client’s login allows. By right-clicking the customer name in the “Participants” panel, you can choose some advanced options. If you choose “Log On as Different User”, the current user will be logged off and you can provide administrative credentials for a new login. Your session will not be interrupted. If you choose the “Reboot” option, the other side will reboot. It does require approval, but since you are controlling the other side, you can grant your own approval if needed. The customer will need to reconnect to your session after the reboot. You can choose to run custom scripts once you’ve created the scripts in your Webex login. If you click “System Information” and the customer approves, a popup will appear with a great deal of information about the remote computer. This info is shown in figure 7.

figure 7

The image below shows the type of information you can retrieve from the customer’s computer. Click any item in the left pane to view the related info in the right. Below you can see the logical drives present on the customer’s computer.

figure 8

One last thing that you may find as helpful as I do. When you get control of your customer’s computer, it will appear in full screen. This is handy if you want to use keyboard shortcuts to interact with the remote screen. However, if you need to refer back to your own desktop or web browser to provide assistance, it is, at first blush, difficult to get access to your screen. For example, using the Alt-Tab key combination actually affects the remote side and not your local screen.

Do not fear, there is a simple workaround. In the upper right corner of the remote computer is a “Sharing” icon. Click the down arrow and then “View”. If you choose “Window-Scale to Fit”, the remote session will be reduced just enough to make your local computer’s taskbar visible. You can now open and select your local apps to perform a task or to gather information to assist you in your support session.

figure 9

This little tutorial is intended just to get you started with the more advanced support options available in Webex. You will want to experiment with the other icons/options available from the dashboard. I found myself well able to assist a customer with little more info than what I’ve shared above. I am now convinced that while connecting with Webex is a little more involved than with TeamViewer, the range of options is more extensive in Webex. Below are a few links to helpful Cisco documents about support connections with Webex.

Get Started With Cisco Webex Support

Start a Session and Invite Customers or Other Attendees in Cisco Webex Support

Join a Cisco Webex Support Session

Manage a Customer’s Computer in Cisco Webex Support

Cisco Webex Remote Support User’s Guide

Listserv Creation

This tutorial will demonstrate how to create a Listserv using L-Soft’s Listserv Lite. Once created the subscribers will be added through bulk operations. When done the list will be depopulated and removed from the server.

Step 1: Login to your account.
Using your provided account, log into the server to find the default dashboard screen.

Step 2: Create a new listserv
Click the “List Creation” option in the left menu. In the blanks provided enter the name of the Listserv and its title. In this case I used the same info for both. Next, tick the “Create with Wizard” radio button and then click “Next”.

Step 3: Specify the list owner and type of list
Enter the email address for the list owner then select what type of list you want to create, Announcement List, Unmoderated Discussion List, or Moderated Discussion List then click “Next”.

Step 4: Select list options
Choose your desired options from the five areas shown, designating how subscriptions are made and who can send email to the listserv. You can choose whether the list owner will receive email notifications for activities on the list and whether to allow attachments or not. The last option controls who will be allowed to see the list archive. When options are selected, click “Next”.

Step 5: Accept archive options
You can customize the type and path for the list archives. I would suggest accepting the default options. Click “(Use Suggestion)” then click “Next”.

Step 6: Review and Create
Review the settings of the list and if all is acceptable, click “Create”.

Step 7: Handling replies
Determine how replies to the list will be handled. Click “List Management” from the left menu and verify you are working with the desired list. Next click “Distribution” and, in the “Reply to” line, click the drop-down in the middle column. You can choose whether replies will go to the sender, the list, or both. If you are creating an open discussion list, then replying to the list may be appropriate. If you are creating a newsletter list, you may want replies to be returned to the original sender. Below this option is the “Subject Tag” option. You can add text here that will appear in the subject of each email from the list. Including a word in brackets, like [LIST], can help subscribers filter list email they receive.

Step 8: Create your import file
Once the list is created, you will want to add subscribers. You can just distribute the subscribe and unsubscribe email options to your target audience, or you can manually add one user at a time. In this tutorial I’ll use the “Bulk Operations” option to import subscribers from a previously created text file. Listserv cannot import Excel or CSV files. The import file must be a tab-delimited text file with no header row. The format must be “email address” (TAB) “First Name” (TAB) “Last Name”. The names are optional: if no name or only one name is present, the subscriber will be added without name information. You can use Excel to manipulate lists of people and then generate the final output as a text file like the one shown below.
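As an added example (not part of the tutorial), the function below produces that import file from the CSV Excel usually writes, instead of fixing it up by hand: it drops the header row, strips Windows line endings and stray quotes, rejects rows whose first field is not an address, de-duplicates, and writes names only when both are present, since Listserv ignores a lone name anyway. It assumes the CSV has no embedded commas in the fields.

```shell
#!/bin/sh
# Added example: turn an Excel-exported CSV (email,first,last) into the
# header-less, tab-delimited file Listserv's Bulk Operations import expects.
# Assumes plain fields with no embedded or quoted commas.

# make_listserv_import IN.csv OUT.txt
# Writes OUT.txt and reports counts on stderr.
make_listserv_import() {
    in=$1
    out=$2
    awk -F',' '
        BEGIN { OFS = "\t" }
        { sub(/\r$/, "") }                                  # Windows CRLF endings
        NR == 1 && tolower($1) ~ /e-?mail/ { next }         # header row from Excel
        {
            for (i = 1; i <= NF; i++)                       # trim spaces and quotes
                gsub(/^[ \t"]+|[ \t"]+$/, "", $i)
            email = tolower($1)
            # minimal sanity check: something@something.tld, no spaces
            if (email !~ /^[^@ \t]+@[^@ \t]+\.[^@ \t]+$/) { bad++; next }
            if (seen[email]++) { dup++; next }              # same address twice
            if (NF >= 3 && $2 != "" && $3 != "")
                print email, $2, $3
            else
                print email                                 # names are optional
            good++
        }
        END { printf "written=%d rejected=%d duplicates=%d\n", good, bad, dup > "/dev/stderr" }
    ' "$in" > "$out"
}

# Usage: make_listserv_import people.csv subscribers.txt
```

Check the rejected count before importing; a non-zero value usually means a column shift in the spreadsheet rather than a bad address.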

Step 9: Import subscribers step 1
If you have your text file ready to go, click “Subscriber Options” from the left menu and then click the linked text “(Bulk Operations)”.

Step 10: Import subscribers step 2
In the new focused window, tick the radio button to add the imported addresses to the list. Next, click the “Choose File” button and navigate to your text file. Next, click the “Import” button.

Step 11: Remove subscribers
You can remove subscribers using the same text file you used to import. In the image below, in the grey area you can see the subscribers imported to the list in the previous step. Now, by selecting the same “Bulk Operations” link, you can tick the button to remove the imported addresses and choose the same file you used before. Click the somewhat less than intuitive “Import” button. The subscribers will be removed.

Step 12: List deletion step 1
Click “List Deletion” from the left menu. Using the drop-down, select the list you wish to delete and then click “Update”.

Step 13: List deletion step 2
Read the warning and if you are sure you wish to delete the list, click the “Confirm” button.

While many other options are available for managing listservs, the options described above will handle much of the day-to-day needs for the organization.

RHEL6 NIC order

udev in RHEL6 enumerates devices based on information stored in

/etc/udev/rules.d/70-persistent-net.rules

When adding/changing NICs in VMware, you may need to edit this file to adjust the order. Alternately, you can delete the file and let the system rebuild it on the next restart.
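Before editing the rules file by hand, it helps to see what udev currently maps and whether a paste has left two rules claiming the same name. The two functions below are an added example, not part of the original note; they read the standard 70-persistent-net.rules format (ATTR{address} and NAME fields) and nothing else.

```shell
#!/bin/sh
# Added example: inspect the udev persistent-net rules before editing them.

RULES=${RULES:-/etc/udev/rules.d/70-persistent-net.rules}

# nic_map [FILE]: print "NAME MAC" for every rule, in file order, so the
# current eth0/eth1 assignment can be compared with the NIC list in VMware.
nic_map() {
    sed -n 's/.*ATTR{address}=="\([^"]*\)".*NAME="\([^"]*\)".*/\2 \1/p' "${1:-$RULES}"
}

# nic_check [FILE]: return 1 if a NAME or MAC appears twice. A duplicate NAME
# is what a pasted rule for a replaced NIC leaves behind; udev then renames
# only one interface and iptables rules written for "eth0" may apply to the
# wrong adapter after the reboot.
nic_check() {
    f=${1:-$RULES}
    dup_names=$(nic_map "$f" | awk '{ print $1 }' | sort | uniq -d)
    dup_macs=$(nic_map "$f" | awk '{ print tolower($2) }' | sort | uniq -d)
    if [ -n "$dup_names" ] || [ -n "$dup_macs" ]; then
        echo "duplicate entries in $f: $dup_names $dup_macs" >&2
        return 1
    fi
    return 0
}

# Usage: nic_map; nic_check && echo "rules consistent"
```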

Regenerate SSH key material

All this can be done in an ssh session, however if anything goes wrong, you’ll need console access to fix the problem.

Generate new candidate primes

ssh-keygen -G moduli-2048.candidates -b 2048

Screen primes for suitability

ssh-keygen -T moduli-2048 -f moduli-2048.candidates

Install in ssh config root, backup old moduli:

cd /etc/ssh

mv moduli moduli.bak

mv moduli-2048 moduli

backup existing private/public keys:

for i in *_key;do mv $i $i.bak;done

for i in *.pub;do mv $i $i.bak;done

Generate new keys:

ssh-keygen -A

Restart sshd:

/etc/init.d/sshd restart

Verify this by logging out and back in. Your ssh client should bark that the host key has changed. Once you clear the line from .ssh/known_hosts (or the equivalent) you should be able to log in again.

At that point you should delete the old keys and candidate moduli
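The two places this procedure can go wrong are installing a moduli file that is empty (if the screening run was interrupted) and a second run of the backup clobbering the first set of .bak files. The functions below are an added example, not the page's own commands: they wrap the moduli install and the key backup with those checks, and regenerate_host_keys strings the remaining steps together. SSH_DIR defaults to /etc/ssh but can point at a scratch copy for a dry run; the 2047 in the size check is how a 2048-bit group is recorded in the moduli file.

```shell
#!/bin/sh
# Added example: the moduli and host-key steps with sanity checks.

SSH_DIR=${SSH_DIR:-/etc/ssh}

# install_moduli SCREENED [DIR]: move a freshly screened moduli file into
# place, keeping the old one as moduli.bak. Refuses an empty file or one
# whose lines are not moduli entries (seven fields, size >= 2047), so an
# interrupted "ssh-keygen -T" cannot leave sshd without DH groups.
install_moduli() {
    new=$1
    dir=${2:-$SSH_DIR}
    if [ ! -s "$new" ]; then
        echo "refusing: $new is missing or empty" >&2
        return 1
    fi
    # $1 = data lines, $2 = lines that look like usable moduli entries
    set -- $(awk '!/^#/ { total++ }
                  !/^#/ && NF == 7 && $5 >= 2047 { ok++ }
                  END { print total + 0, ok + 0 }' "$new")
    if [ "$1" -eq 0 ] || [ "$1" -ne "$2" ]; then
        echo "refusing: $new has $2 usable moduli lines out of $1" >&2
        return 1
    fi
    if [ -f "$dir/moduli" ]; then
        mv "$dir/moduli" "$dir/moduli.bak"
    fi
    mv "$new" "$dir/moduli"
}

# backup_host_keys [DIR]: move every host key pair aside with a timestamp so
# a second run never overwrites the previous .bak. Prints the count moved.
backup_host_keys() {
    dir=${1:-$SSH_DIR}
    stamp=$(date +%Y%m%d%H%M%S)
    n=0
    for f in "$dir"/*_key "$dir"/*_key.pub; do
        [ -e "$f" ] || continue
        mv "$f" "$f.$stamp.bak"
        n=$((n + 1))
    done
    echo "$n"
}

# regenerate_host_keys: backup, regenerate, print the new fingerprints (keep
# them; this is what you compare against the client warning), restart sshd.
# ssh-keygen -A only creates keys that are missing, hence the backup first.
# Operates on /etc/ssh only; run as root from a console session.
regenerate_host_keys() {
    backup_host_keys /etc/ssh >/dev/null
    ssh-keygen -A
    for p in /etc/ssh/*_key.pub; do ssh-keygen -lf "$p"; done
    /etc/init.d/sshd restart
}
```

The fingerprints printed by regenerate_host_keys are what lets you tell a planned key change from an unexpected one when the client complains on the next login.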

Generating PDFs using Ghostscript

The following command (re)generates a PDF from the source file. In this particular case it is being invoked to fix an improperly written PDF, but it could just as well be used to make a PDF from a JPG file.

gs -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 -dPDFSETTINGS=/screen -dNOPAUSE -dQUIET -dBATCH -sOutputFile=Aaron_Taylor_APPLICATION_2014-04-30_20-58-new7.pdf Aaron_Taylor_APPLICATION_2014-04-30_20-58.pdf

Renaming Linux Volume Groups

The Logical Volume Manager (LVM) provides software RAID and, more generally, an abstraction layer between the OS and disk devices. It is used by default for RHEL/CentOS 6.3 forward.

A cloned VM will retain the volume group name of the parent. Use the following procedure to change it.

Find the current volume group name. (You can also see the current group name reflected in the output of dmsetup info.)

lvm vgdisplay

Rename the volume group:

vgrename <old_vg_name> <new_vg_name>

Edit /etc/fstab and /boot/grub/grub.conf so that the new volume group devices get used and mounted when the system starts.

Rebuild the initial RAM disk:

mkinitrd <initrd_file.img> <kernel_version>

Reboot and test.
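The step that turns a rename into an unbootable VM is the fstab/grub.conf edit, because the old name appears in three spellings: /dev/VG/LV, /dev/mapper/VG-LV, and the rd_LVM_LV=VG/LV kernel arguments RHEL6 puts in grub.conf. The function below is an added example (not the page's procedure) that rewrites all three, keeps a .bak of each file, and refuses to report success while any reference to the old name is left, so the leftover is found before the reboot rather than at the grub prompt.

```shell
#!/bin/sh
# Added example: rewrite volume-group references after vgrename, with a
# leftover check. Usage: rewrite_vg_refs OLD NEW /etc/fstab /boot/grub/grub.conf

rewrite_vg_refs() {
    old=$1
    new=$2
    shift 2
    # device-mapper names double any hyphen in the VG name, so
    # VG "vg-a" with LV "root" appears as /dev/mapper/vg--a-root
    old_dm=$(printf '%s' "$old" | sed 's/-/--/g')
    new_dm=$(printf '%s' "$new" | sed 's/-/--/g')
    rc=0
    for f in "$@"; do
        cp -p "$f" "$f.bak"
        sed -e "s#/dev/$old/#/dev/$new/#g" \
            -e "s#/dev/mapper/$old_dm-#/dev/mapper/$new_dm-#g" \
            -e "s#rd_LVM_LV=$old/#rd_LVM_LV=$new/#g" "$f.bak" > "$f"
        # anything else still naming the old VG (resume=, a comment, a
        # pattern we did not anticipate) must be fixed by hand before rebooting
        if grep -nw "$old" "$f"; then
            echo "warning: $f still references '$old'; edit it by hand" >&2
            rc=1
        fi
    done
    return $rc
}
```

After it returns 0, rebuild the initrd as above; the .bak copies are the rollback if the reboot still fails.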