Like many others I’m running some websites/webapps at home, which I published to the outside world to gain access anywhere and on anydevice. This can be easily done by Apache, especially by using virtual hosts and reverse proxying. One thing I found annoying that I was publishing my sites over HTTP. While it isn’t mission critical data, I just don’t like the idea that it can be read by anyone, who managed it to capture (some of) the packets.
The solution to this is simple, create or buy a certificate and publish the websites/apps over HTTPS. In my case I wanted to create a wildcard certificate, cause I published my sites as subdomain, like;
- site1.mydomain.com
- site2.mydomain.com
Below you find the steps how I managed it to published this sites over HTTPS. Read more…
I while ago I bumped into a new project called IPPam, which was a new IP Address management system. I know there are a lot of other IPPam systems around, but this one caught my interests. It has IPv6 support and the ability to import excel sheets, which is the most used IPam system I think. Also the developer is very active and listening to feature request.
So curious as I am, I started to install this new tool, to test it and at this moment I’ve also set-up in a test-environment at work, which uses a lot of IP addresses and subnets. It is still a early version (at this moment 0.2), but the basics work well and it looks very promising.
Read more…
Even now the time is getting closer and the world is really running out of IPv4 address space, still a lot of companies don’t spent time on getting ready for IPv6. While this lack of action can lead to a never ending discussion I instead give you a simple solution to get IPv6 ready (on the outside, especially the web) and gain some time for the LAN side.
Read more…
Sometimes you have processes which use multiple systems and if you are real lucky they cover multiple OS flavors, in this case I had a process which needs to make changes on Windows and Linux servers. Since Powershell was relatively new to me, I thought why not start with that. The Windows part was easily covered, but the Linux part, well euhm, takes a bit more effort.
Read more…
MS NPS (Network Policy Server) is often used as a RADIUS server for Network Access Control. Since every functionality needs some kind of managing, the NPS is no exception to that. It is easy to manage the NPS server by logging on to the server physically or with tools like RDP. Unfortunately remotely managing the NPS server, with MMC snap-in or with netsh is not possible. Since I like to script things which occurs more then once and needs more then 1 step it would be a nice feature to remotely manage the NPS server on CLI base.
Luckily this can be accomplished with the help of Powershell. Powershell has the possibility to remotely execute commands on systems and give back the result. This makes it possible for us to remotely execute netsh and manage the NPS. Below I give you a simple example of how this can be done, of course you can build this to a whole menu to manage the NPS it depends on your own needs.
Read more…
It has been a while since I wrote a paper about the implementation of NAC. Now almost a year later it is finally in progress of implementation. One of the most time consuming processes and error sensitive ones is the adding of MAC addresses to the Active Directory of devices which doesn’t support Dot1X.
Unfortunately there are a lot of devices which don’t speak Dot1X or having troubles with it. So if you want to do it right (IMO) you put these devices in different categories (and subnets) so you can put ACL’s on it (MAC spoofing can be easily done). At this moment we have three different categories within MAB authentication, which may grow in the near future; Thin clients, Printers and temporarily devices.
To keep an clean view of all these MAC addresses in the AD I categories these MAC address in different OU’s, so I have three different OU’s which represent the different devices. We use Microsoft NPS server as Radius server and unfortunately you can’t (at least I didn’t find it) use the OU as a hit for a rule. So you also need to make three groups in which you place the MAC addresses (these are user objects in the AD). You also want to delete the “Domain User” group from the MAC address. Otherwise people would be able to login with MAC address on you domain members.
So there you have already three different steps to just add one MAC address.
- Add the MAC address to the right OU.
- Add the MAC address to the right group.
- Delete the group Domain Users (to accomplish this, set the other group as primary.)
This isn’t a problem, but if you have to add MAC addresses regularly, this is quiet annoying and you easily forget one of those steps. Another thing you might consider is that most of the time MAC addresses are added by other persons, it would be nice if you give them a tool which makes it easier for them and less faulty.
Read more…
Before I begin, I really need to thank the guy from the Vigor 2130 Google Code page, I did not get his name, but without his help and patient it would never succeeded. So thank you!
When I bought the Draytek Vigor 2130n one of the requirements I had was VLAN support. I could imagine that in the near future I was willing to split up my home network in multiple networks (VLANs).
So I was amazed when the time was finally there, that the VLAN support I was looking for wasn’t supported through the web interface. I even read the manual and there was just no way to configure VLANs the way I wanted. So as my last resort I went to the Google Code page and asked for help. Below you find a summary of how I configured my vlans.
Read more…
A bit longer then a month ago I posted my “early” alpha version of tool which can import Dreambox channellists into MediaPortal TV-Server. While this tool, was just a try-out if it was possible and lacked all the error handling it was still a small success. I decided to start over (with a bit of the old code 
), so I created MPTVAdmin2, which should be more stable and easier to use. It is still a beta, but I like to hear your comments on it.
You can find the tool in this thread on the MediaPortal forums.
When you are a bit handy with computers, you soon become a kind of computer god to your family and friends and if you don’t watch out, you get overloaded with questions and problems. If that is not enough you find yourself (re)installing each computer over and over again. Wouldn’t it be nice, if they can help there selves and you are just needed once in a (long) while?
Read more…
This blog is short and especially for people who have a MediaPortal TV-Server running with DVB-S(2). When you have a satellite dish with multiple LNB’s pointing at different satellites you probably end up with a lot of channels. MediaPortal can handle this perfectly, but the All Channel groups is getting slow and it takes a lot of time to group your channels in handy categories.
A college of me pointed me to some list which is created for the Dreambox, which can be imported in a Dreambox and create nice channel groups. (He told me that you even don’t have to scan for channels). The link he gave pointed to the Hensat list, which he used.
Besides that scanning for channels can take a lot of time it is not a real problem for me, because it is just one click and it does the job. Creating the channel groups is a whole different story, create groups for your provider isn’t that hard, but create groups by genre, like “Music”, “Movie”, etc. takes a lot of time, cause there are a lot of FTA channels out there and it would be a nice to also add them to the right groups.
So I decided to take a look at the “Henksat” list and try to create an import tool for MediaPortal for it. Since I succeeded by doing this, I got some friends also asking for it. First I was a bit skeptic, because it is created in a quick and dirty way, like no exception handling at all.
So before you download and use this tool a few things you should know;
- The import folder must end with a “\”.
- You can select channels with the right mouse button.
- deselect/select the checkbox is with the left mouse button.
- Always make a back-up of your working configuration
- Please remind that this is just a very basic test-version created for myself.
- Last but not least, I’m not responsible for any damage caused by this program!
Download MPTVAdmin.
