How to Convert Windows NT Time to UNIX Time and Vice Versa

Windows NT time is specified as the number of 100-nanosecond intervals since January 1, 1601. UNIX time is specified as the number of seconds since January 1, 1970. There are 134,774 days (or 11,644,473,600 seconds) between these dates.

How to convert Windows NT Time to UNIX Time:

Divide by 10,000,000 and subtract 11,644,473,600.

How to convert UNIX Time to Windows NT Time:

Add 11,644,473,600 and multiply by 10,000,000.

Source: support.citrix.com
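
The two conversions above in integer arithmetic, as an added example that is not from the cited source. It goes beyond the text by keeping the sub-second remainder and by decoding the 8-byte little-endian form in which the value is commonly stored in binary records; the function names and the sample value are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# Constants taken from the text above.
EPOCH_DELTA_SECONDS = 11_644_473_600  # seconds from 1601-01-01 to 1970-01-01
TICKS_PER_SECOND = 10_000_000         # one tick is 100 nanoseconds
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def nt_to_unix(nt_ticks):
    """Return (unix_seconds, leftover_ticks) with leftover in 0..9,999,999."""
    seconds, leftover = divmod(nt_ticks, TICKS_PER_SECOND)
    return seconds - EPOCH_DELTA_SECONDS, leftover

def unix_to_nt(unix_seconds, leftover_ticks=0):
    """Inverse of nt_to_unix; integer-only, so no precision is lost."""
    return (unix_seconds + EPOCH_DELTA_SECONDS) * TICKS_PER_SECOND + leftover_ticks

def nt_from_le_bytes(raw):
    """Decode 8 raw bytes holding an unsigned 64-bit little-endian tick count."""
    if len(raw) != 8:
        raise ValueError("expected exactly 8 bytes, got %d" % len(raw))
    return struct.unpack("<Q", raw)[0]

def nt_to_utc(nt_ticks):
    """Aware UTC datetime; datetime holds microseconds, so the last tick digit is dropped."""
    seconds, leftover = nt_to_unix(nt_ticks)
    return UNIX_EPOCH + timedelta(seconds=seconds, microseconds=leftover // 10)

# Constructed sample: 2020-01-01 00:00:00 UTC plus 1,234,567 ticks, packed the
# way the value would sit in a binary record.
SAMPLE_TICKS = 132_223_104_001_234_567
SAMPLE_RAW = struct.pack("<Q", SAMPLE_TICKS)

if __name__ == "__main__":
    ticks = nt_from_le_bytes(SAMPLE_RAW)
    print(ticks, nt_to_unix(ticks), nt_to_utc(ticks).isoformat())
    print(unix_to_nt(0), nt_to_utc(0).isoformat())
```

Floor division via divmod keeps the remainder non-negative, so timestamps before 1970 (negative UNIX seconds) round-trip correctly as well.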

Port based routing in Ubuntu

After a lot of research I finally found a way to do port based routing in Linux, more specifically in Ubuntu.

The solution is based on information found on these two sites:
http://www.sparksupport.com/blog/application-based-routing-in-linux
http://www.linuxforums.org/forum/networking/141331-port-based-routing.html

The reason I needed to do port based routing was so that I could route some traffic over a VPN tunnel that otherwise was blocked. But it can also be used to route in a network with several gateways, which is basically what the VPN is.

This guide assumes that you have a working VPN/gateway that can do NAT or route IP traffic.

The first thing you have to do is make sure rp_filter is set to 0. The default value in the Linux kernel is 0, but on some distributions (like Ubuntu), it has been set to 1. Make sure that net.ipv4.conf.default.rp_filter and net.ipv4.conf.all.rp_filter in /etc/sysctl.conf are set to 0. You will have to reboot after this for it to have an effect.

Now for the routing part. First you have to add a mangle rule that marks the packets, so that the Linux kernel has a mark to look for.

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 0x1

With this entry you will add the mark 0x1 to all packets being routed using the TCP protocol on port 80, in other words all web traffic. Adjust accordingly for your own needs. Simply add more rules with the same mark to send other traffic over the VPN or gateway that we route to with the new table below.

Next we need to add a new IP route table in /etc/iproute2/rt_tables. Add a new line with something like 100 vpntunnel.

Now we add a routing rule that sends all the 0x1 marked packets to the new table we have made.

ip rule add fwmark 0x1 lookup vpntunnel

And finally we need to add the gateway to our new table.

ip route add default via 192.168.1.1 table vpntunnel

It should now be working. You can test it by running curl ifconfig.me to see if your public IP has changed.

ProFTPD and Microsoft Active Directory authentication

After a lot of searching and banging my head against the wall, I finally found a solution on how to authenticate users logging into a ProFTPD server using Microsoft AD. I'm using ProFTPD version 1.3.4rc2 with these configurations. I'm not going to post the main config file as I assume you have got a working installation of ProFTPD and you just miss the AD authentication bit. This setup was made so that users could upload web pages to a server and have them automatically published using an Apache server.

ldap.conf
<IfModule mod_ldap.c>
# Connection information
LDAPServer ldap://dc01.domain.com/??sub
LDAPAttr uid sAMAccountName
LDAPAuthBinds on

# User information
LDAPBindDN "cn=UserWithBindRights,cn=users,dc=domain,dc=com" "PasswordForUserWithBindRights"
LDAPUsers OU=OuThatYouWantToSearchIn,dc=domain,dc=com (sAMAccountName=%u)

# IDs to use when not using the ones from AD
LDAPDefaultGID    1111
LDAPDefaultUID    1111

# Override the use of AD IDs with the default values set.
# Handy when using this setup with a web server that needs read and write
# access to the files and directories uploaded.
LDAPForceDefaultGID on
LDAPForceDefaultUID on

# Switch on the functionality to generate user homes.
LDAPGenerateHomedir on 0775
CreateHome on 0775
# Override homedir values from AD
LDAPGenerateHomedirPrefix /place/to/generate/user/homes
LDAPForceGeneratedHomedir on

</IfModule>

It's really important to add the ??sub after the server address. If you don't, ProFTPD will use ??base instead and you will not get any results when searching AD. Remember to adjust the values before using this config.

Also, you might want to note that the home directory gets made using the username from AD and not the one provided by the user, so if the username in AD is capitalized, so will the homedir be. Will post a solution on how to fix this as well for the ones that require it.