Same switch, different location

A friend called me a few days ago and told me about a problem where he works. The company was combining their two office locations into one in order to save money. It was a good idea anyway because the two locations were only a block apart. They (friend’s employer) had hired some contractors to install 15 new network drops. When the contractors finished connecting the new drops to the shiny new Linksys SD216 16-port switch, the computer and printer moves began.

Quick background: The CEO of this company is tight with money. They have 15 workstations (old PIII systems), 1 server (newer P4 system) and 5 laser printers so they have no need for an IT department. An IT support contract? HA! Those cost too much. They would just call someone (read: cheapest price) if the needed help.

Now that everything was moved and set up, they were having a problem with one of the printers. No one could print to it. My friend said it worked fine at the other location and the CEO was ready to dock someones pay for “destroying a perfectly good printer”. That’s why my friend called in a favor* and asked me to look at it.

The first thing I did was print out the config sheet for the printer. When I did that, I saw that the IP address was set to 192.168.11.114. I asked my friend what IP range was the office network using and he wasn’t sure so we looked on his workstation. His workstation was set to 192.168.10.90. Aha! I told my friend that the printer IP was set up incorrectly and that it needs to be set to a free IP on the 192.168.10 network.

My friend told the CEO, who was watching nearby, about the easy fix. “Impossible!” I heard. “One of my neighbors is an IT guru and he said the printer was damaged in the move. He even checked the connection and said that it should work because it’s on the same switch as all the other computers.” I told the CEO that I would bet lunch on the fix. The winner would choose the restaurant. He liked that idea and said, “I hope you’ve saved up a couple of months salary because I don’t eat cheap.”

Long story short: I reset the printer so that it would pull a DHCP address, set my friend’s workstation to print to the printer by creating a new TCP/IP port using the printer name and ate the best free (for me) lunch ever. Sweet, sweet victory.

*Be careful when you tell a friend “I owe you one”. This is one of the rare times it actually worked out for me.

The manner of giving is worth more than the gift. - Pierre Corneille

09.May.08 Networking Comments (0)

Ubuntu home LAN server: Dynamic DNS & DHCP

Ok, I know I said in the last post that I was going to post these configs “later”. Well, it’s now 12 days later so I think it’s time to post them. Without further ado:

• dhcpd.conf
• named.conf
• named.conf.options
• named.conf.local

If you’re wondering “Why the hell didn’t he just put everything into a single named.conf file?”, I have a good reason. It’s Ubuntu’s fault! The BIND installation split the configs and I just stuck with that! Sure, I could just combine it all but I just went with the flow.

To help understand what some of the IP settings in the configs mean, here is my network setup:

• Network: 192.168.10.0
• Domain: home.lan
• Server IP: 192.168.10.20 (DNS, DHCP & Domain Auth)
• Router (Gateway) IP: 192.168.10.1
• DHCP Range: 192.168.10.241 - 192.168.10.250
• Dynamic DNS updates require the TSIG key (SecDNS). The DHCP server uses the key to authenticate with BIND and update the local network zones. Client updates are ignored.
• The DNS server forwards unknown host request to OpenDNS.

I know it’s not “perfect” but it’s still being tweaked. See something I’m missing? Let me know in the comments!

I wish I would have gotten this posted sooner. Unfortunately, work has really picked up since the Chri….Winter Break. Things won’t be getting any better in February. That’s when my big project starts up. That project involves implementing the Cisco NAC in several schools. I can’t wait to get started on it because it will be a lot of fun learning how to operate it.

The urge to save humanity is almost always only a false-face for the urge to rule it. - H.L. Mencken

19.Jan.08 Linux, Networking Comment (1)

The Ubuntu domain controller lives!

This is just a quick update, more will be written later. I was able to get the Ubuntu 7.10 server set up as my home domain controller. Here is the current set up:

• Samba is running as the domain controller. It handles all domain logins. Machines joined to the domain, including Windows XP, are added to the Unix Users & Groups on the fly. No manual set up of the machine trust accounts.
• BIND9 handles all DNS request. A TSIG key is required in order to dynamically update records.
• DHCP3 handles, what else, DHCP. DNS records are dynamically updated by the DHCP server using a TSIG key.
• Remote administration is mostly handled through SSH. Password authentication, as well as root login, is disabled. Only RSA/DSA authentication is allowed.
• Webmin is installed to aid in some remote administration task.

It took a couple of days to make Samba work right. I used pieces of several How-To’s in order to get the configuration correct. Some of the guides said to enable the root login but I didn’t do that. I either would just use sudo to run the commands or I’d run sudo -s to switch to the root login. I’ll post all of the server service configs later in case they could help anyone else.

I know, I shouldn’t run all those services on a single box. I wouldn’t except for the fact that this is for a home LAN and not a corporate environment.

It behooves a father to be blameless if he expects his child to be. - Homer

07.Jan.08 Linux, Networking Comments (3)

Home domain

I’ve finally decided to set up a domain on my home network. I’m trying to decide if I should use Ubuntu Server or Windows Server 2003 (Standard Edition) as the domain controller. Currently, I have an Ubuntu server (6.06.1) running BIND9, DHCP, MySQL and Apache.

We use Windows 2000 & 2003 at work so I have more experience setting it up. I want to learn more about Linux administration, though, so that makes me lean toward Linux. There’s a write-up on HowtoForge about setting up a domain controller using Ubuntu 7.10 and Samba. I plan to follow that article if I go the Linux route.

Either OS will run fine on the system I have:

• 1.8 GHz processor
• 2 GB PC2700 RAM
• 160 GB, 7200 RPM hard drive
• Gigabit ethernet

The current Ubuntu server installation isn’t using many resources. Webmin shows that it’s only using 192 MB of RAM (out of 2 GB) and 0 MB of swap. I know that Windows 2003 would use more than that just with a base OS install.

I think I’ll try to get Ubuntu working first. If I can’t get it to work, I’ll load Windows 2003. Either way, I will have Apache and MySQL running because I use Jinzora as my media server. I’ve tried running Jinzora on IIS but it didn’t run as well as it does on Apache.

A nation of sheep will beget a government of wolves. - Edward R. Morrow

29.Dec.07 Linux, Networking, Windows Comments (3)

Windows: Easy MAC address spoofing

While testing out the different NAC solutions, I wanted to see how they would handle a connection where the MAC address that was previously associated with a printer was suddenly associated with a PC. The NIC in my laptop allows me to manually change the MAC address in the NIC properties. That works but I wanted an easier way to make the changes. The solution ended up being a freeware program called Technitium MAC Address Changer.

Some of the features of Technitium MAC Address Changer include:

• Easy to use GUI interface.
• Huge list of manufacturers MAC addresses to choose from.
• Full NIC hardware and configuration information.
• IP configuration shortcuts.

I’m using it tomorrow to test a Cisco NAC we have on loan. The MAC address I’m going to try is currently associated with a Cisco IP phone. According to the Cisco reps, the NAC should detect that the MAC address is being used by a different system and drop me into the quarantine role. That’s just one of a few features they said works but weren’t able to demo during the initial setup.

Men will always be mad, and those who think they can cure them are the maddest of all. - Voltaire

25.Sep.07 Networking, Software, Windows Comments (4)