Configure MediaWiki for LDAP authentication with Microsoft Active Directory

2011-08-15 / Linux, Random, Server / 3 Comments

Problem:

Needed to enable Microsoft Active Directory authentication for our internal MediaWiki site.

Solution:

Enable the LdapAuthentication.php extension, then modify the LocalSettings.php file to include the following:

# Load the LdapAuthentication extension and use it as the auth plugin
require_once( "$IP/extensions/LdapAuthentication/LdapAuthentication.php" );
$wgAuth = new LdapAuthenticationPlugin();
# Domain, domain controller and search base
$wgLDAPDomainNames = array( "ADSITE" );
$wgLDAPServerNames = array( "ADSITE"=>"wcp01xdc.ADSITE.local" );
$wgLDAPBaseDNs = array( "ADSITE"=>"dc=ADSITE,dc=local" );
$wgLDAPSearchStrings = array( "ADSITE"=>"ADSITE\\USER-NAME" );
$wgLDAPSearchAttributes = array( "ADSITE"=>"sAMAccountName" );
$wgLDAPLowerCaseUsername = array( "ADSITE"=>true );
# Optional: only members of this group may log in
$wgLDAPRequiredGroups = array( "ADSITE"=>array("cn=information technology,ou=users,ou=information technology,ou=ADSITE,dc=ADSITE,dc=local") );
$wgLDAPGroupUseFullDN = array( "ADSITE"=>true );
$wgLDAPGroupsUseMemberOf = array( "ADSITE"=>true );
$wgLDAPGroupObjectclass = array( "ADSITE"=>"group" );
$wgLDAPGroupAttribute = array( "ADSITE"=>"member" );
$wgLDAPGroupSearchNestedGroups = array( "ADSITE"=>true );
$wgLDAPGroupNameAttribute = array( "ADSITE"=>"cn" );
$wgLDAPPreferences = array( "ADSITE"=>true );
$wgLDAPDisableAutoCreate = array( "ADSITE"=>false );
$wgMinimalPasswordLength = 1;
# "clear" means the LDAP bind is not encrypted
$wgLDAPUseSSL = false;
$wgLDAPEncryptionType = array( "ADSITE"=>"clear" );
# The extension's variable is $wgLDAPUseLocal (the original post had $wgUseLocal)
$wgLDAPUseLocal = false;
# Uncomment the next two lines to write an LDAP debug log
#$wgLDAPDebug = 99;
#$wgDebugLogGroups["ldap"] = "/tmp/wikildapdebug.log";

Replace “ADSITE” with the name of your domain. The configuration is currently set up for clear-text authentication, which means the password a user types into the wiki is sent to the domain controller unencrypted. After you get clear-text authentication working, you should enable TLS or SSL authentication if need be.

The setting $wgLDAPRequiredGroups is optional and is used to allow only certain groups to log in to the wiki, in this case “Information Technology”.


Quickly Backup DNS Zones

2011-01-18 / Random, Server / 0 Comments

Problems:

Need a quick solution to back up AD DNS zones daily.

Resolution:

Created a scheduled task to run the following daily:

dnscmd /zoneexport pwcc.local backup\daily\%date:~4,2%%date:~7,2%%date:~12,2%.pxxxx.local.dns.bak
dnscmd /zoneexport pwcstores.com backup\daily\%date:~4,2%%date:~7,2%%date:~12,2%.pxxxxstores.com.dns.bak
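
The file names above are cut out of %date%, whose layout depends on the server's regional date format, and a failed export goes unnoticed in a scheduled task. The following PowerShell version is an added example, not part of the original post: it builds the same MMddyy stamp independently of locale and exits non-zero when an export fails. The zone names are placeholders, and it assumes dnscmd writes exports under %SystemRoot%\System32\dns and does not overwrite an existing file.

```powershell
# Added example. Zone names are placeholders; replace with your own zones.
$zones   = @('corp.example', 'stores.example')

# dnscmd /ZoneExport takes a path relative to the DNS server's data directory.
$dnsRoot = Join-Path $env:SystemRoot 'System32\dns'
$relDir  = 'backup\daily'

# Same MMddyy stamp as the batch line, but not tied to regional settings.
$stamp   = Get-Date -Format 'MMddyy'

# Make sure the target folder exists before dnscmd tries to write into it.
New-Item -ItemType Directory -Path (Join-Path $dnsRoot $relDir) -Force | Out-Null

$failed = @()
foreach ($zone in $zones) {
    $relFile = Join-Path $relDir "${stamp}.${zone}.dns.bak"
    $absFile = Join-Path $dnsRoot $relFile

    # Clear a same-day file left by an earlier run so the export can be written.
    if (Test-Path -LiteralPath $absFile) {
        Remove-Item -LiteralPath $absFile
    }

    & dnscmd.exe /ZoneExport $zone $relFile | Out-Null

    # Treat a non-zero exit code or a missing file as a failed backup.
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $absFile)) {
        $failed += $zone
    }
}

if ($failed.Count -gt 0) {
    Write-Error ("Zone export failed for: " + ($failed -join ', '))
    exit 1   # surfaces as a failed run in Task Scheduler
}
```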


The server failed to retrieve the security identifier (SID) of the TS Session Broker server.

2010-06-25 / Server / 2 Comments

Problem:

After someone made a VMware clone of a 2008 Terminal server I was asked to create a TS farm. After creating the farm one of the secondary servers would not join it. After looking in the System Log I found the following:

The server failed to retrieve the security identifier (SID) of the TS Session Broker server. 
Win32 error code: 0x534.

I first thought it was an error due to not running sysprep, but that was not the case.

Resolution:

I was using the FQDN for the TS Session Broker server name which for whatever reason was causing this error. After removing the FQDN and only using the hostname on both the TS Session Broker and the additional server, I rebooted and the server joined the farm without any problems.


19D0810A-10000004 error in sftlog.txt log file

2010-05-06 / APP-V / 0 Comments

Problem:

The following error appears in the sftlog.txt file when trying to refresh or connect to the APP-V server with the APP-V client:

[05/06/2010 11:12:06:531 MIME ERR] {tid=1154:usr=Jamie}
Failure on Desktop Configuration Server request to URL {rtsp://192.168.29.105:554/} with header {Host: 192.168.29.105
Content-Type: text/xml
AppV-Op: Refresh
} (rc 19D0810A-10000004).

Resolution:

SQL 2008 R2 and APP-V Server are located on the same machine. When we rebooted the server, APP-V started before the SQL service, causing the APP-V service to error out. Configure the APP-V service with a delayed start or a dependency on SQL.

I have also seen this error when the firewall was turned on on the server and the client PC could not connect to port 554. Verify that the client can reach the server's port by telnetting to it and checking whether you get a TCP connection.


The security database on the server does not have a computer account for this workstation trust

2010-05-06 / Server / 2 Comments

Problem:

After joining a Windows 2008 server to the domain, you cannot log in and it gives you the error:
The security database on the server does not have a computer account for this workstation trust

I’ve seen this on mostly 2008 Servers in my environment.

 

Resolution:

1.  Open ADSI Edit
2.  Expand your domain
3.  Expand the DC=<yourdomain>,DC=com
4.  Expand CN=Computers
5.  Find the computer name in question, right-click it and select Properties
6.  Under the Attribute Editor find servicePrincipalName
7.  Click Edit
8.  You should have at a MINIMUM the following (you might have many others as well, but these
     two entries HAVE to be present to log into the domain)
               a.  HOST/<servername>
               b.  HOST/<servername.domainname.com>
9.  Click OK and then OK again
10.  Close ADSI Edit and reboot the server having the problems logging into the domain.
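
The check in step 8 can also be done from PowerShell. This is an added example, not part of the original post: it reads servicePrincipalName from the computer account and reports which of the two HOST entries are missing. It assumes the ActiveDirectory module is installed; the function name Test-HostSpn and the names SRV01 and yourdomain.com are hypothetical placeholders.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-HostSpn {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,  # short host name
        [Parameter(Mandatory = $true)] [string] $DnsDomain      # AD DNS domain
    )

    # The two entries the post says must be present.
    $required = @("HOST/$ComputerName", "HOST/${ComputerName}.${DnsDomain}")

    # Looks the account up by name, wherever it sits in the directory.
    $computer = Get-ADComputer -Identity $ComputerName -Properties servicePrincipalName
    $present  = @($computer.servicePrincipalName)

    # -notcontains compares case-insensitively, as SPN matching does.
    $missing = @($required | Where-Object { $present -notcontains $_ })

    [pscustomobject]@{
        DistinguishedName = $computer.DistinguishedName
        Present           = $present
        Missing           = $missing
    }
}

# Placeholder names; substitute the affected server and your domain.
$result = Test-HostSpn -ComputerName 'SRV01' -DnsDomain 'yourdomain.com'
$result | Format-List

if ($result.Missing.Count -gt 0) {
    # Preview the change first; remove -WhatIf to write the missing entries.
    Set-ADComputer -Identity 'SRV01' -ServicePrincipalNames @{ Add = $result.Missing } -WhatIf
}
```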


Microsoft APP-V 4.6 on Windows Server 2008 R2

2010-03-24 / APP-V, Server, Server 2008 R2 / 0 Comments

Work in progress: installing as stand-alone

  1. Install Roles
    1. Application Server
    2. Web Server (IIS)
      1. w/ IIS Management Console and Scripts and Tools
      2. w/ Windows Authentication
      3. w/ ASP.NET and .NET Extensibility
    3. Reboot
  2. Install APP-V 4.6
    1. When installing from 4.6, the server portion of the application is still 4.5 SP1
    2. Select Custom for more advanced install
    3. Reboot

Microsoft Office Outlook Cannot Provide Form Scripting Support On Terminal Server

2010-03-15 / Desktop, Server / 1 Comments

Microsoft Office Outlook cannot provide form scripting support

  • If this is occurring on a Terminal Server, it is by default, as Microsoft does not allow VBS to run on TS.

A workaround can be applied by:

* Copy the Program Files\Microsoft Office\OfficeXXXX\Outlvbs.dll file from a computer that is not running Microsoft Outlook onto the Terminal Server.
* Delete all registry entries for OutlookVBScript on the TS
* Exit Outlook and go back in.