File access slow on Windows XP, STATUS_OBJECT_NAME_NOT_FOUND

On those clients, try moving the Microsoft Windows Network to the top of the list in the network provider binding order:

http://support.microsoft.com/kb/894564

How to change the Provider Order

1. Click Start, click Run, type ncpa.cpl, and then click OK.
You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.
2. On the Advanced menu, click Advanced Settings, and then click the Provider Order tab.
3. Use the arrow keys to move the Microsoft Windows Network provider to the top of the list and select OK.

I have seen issues where mixed NetWare/Novell environments tend to fight each other a bit; the battleground is the Provider Order tab.

wpad caching

With ISA Server the WPAD.dat file gets a TTL of 3000 seconds. After a WPAD update you have to wait until the file is refreshed.

To fast-refresh:

- Surf to http://wpad/wpad.dat and press CTRL-R.

- Close all browsers.

bash colors

How to get some bash color in your life:

To change the prompt to bright white on blue:

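# \[ and \] mark the color codes as non-printing so long command lines wrap correctly
export PS1='\[\e[37;44m\][\u@\h \W]\$ \[\e[m\] '

To change the color of the search results from grep:

export GREP_COLOR='1;30;43'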

Add these to ~/.bashrc to use them next time you open a terminal session!

Configure a wireless test account in NPS to authenticate with MAC address / username / password

1) Open the Network Policy Server console.

2) Right-click “Network Policies” and click “New”.

3) Enter a “Policy Name”

4) Select the condition “Calling Station ID”

5) In the value, enter the device MAC address “xx-xx-xx-xx-xx-xx”.

6) Select the following authentication methods:

- Microsoft Protected EAP (PEAP)

- Microsoft Secured password (EAP-MSCHAP v2)

7) Configure the NAS Port Type “Wireless – IEEE 802.11”.

Done! Use the Event Viewer (Security tab) to see how authentication is going!

tcpdump: strip the IP address from a text line

A nice way to strip info from your tcpdump:

tcpdump -i em2 -nn -s 0 <filter> | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}'

tcpdump -i em2 ...: get some data from the second network card.

first awk: print column 3 (source IP address).

second awk: strip the port number from the column.

Can you figure out what this one does:

tcpdump -i em2 -nn -s 0 -c 10000 | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}' | grep 10.10.3.45 | wc -c

Create a text filter in rsyslog.conf

Here is an example of how to filter some messages out of your rsyslog:

# Save Cisco Messages (filter known junk messages)

:msg, contains, "System clock" ~
:msg, contains, "changed state to down" ~
:msg, contains, "changed state to up" ~
:msg, contains, "LINK STATUS CHANGE" ~
:msg, contains, "FIB synchro state" ~
local7.*                                                -/var/log/cisco.log

Showing the DNS queries to your AD controller with tcpdump

The following command will show the DNS queries to your DNS server:

tcpdump -i em2 -nn -s 0 dst port 53 | awk '{print $1" "$3" "$8}' | grep -v seq

tcpdump ... dst port 53 = show the DNS queries. awk = show only words 1, 3 and 8 in the line. grep -v seq = filter the 'seq' junk.

Result:

08:27:10.093938 10.1.1.2.53060 stun.client.akadns.net.
08:27:10.116692 10.1.1.2.59186 stun.client.akadns.net.
08:27:10.118604 10.1.1.2.49966 stun.client.akadns.net.
08:27:10.120539 10.1.1.2.50279 stun.client.akadns.net.
08:27:10.122403 10.1.1.2.63134 stun.client.akadns.net.
08:27:10.124533 10.1.1.2.54681 stun.client.akadns.net.
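
Building on the command above, an added example (not part of the original post) that counts queries per client and name instead of listing them, and that goes a little further than the one-liner: it finds the query name even when tcpdump prints an extra field such as [1au] before the query type, in which case the name is not word 8. The function names dns_summary and sample_capture, the server address 10.1.1.10, the client 10.1.1.7 and www.example.com are assumptions made for the example.

```shell
# Added example: count DNS queries per client from "tcpdump -nn" text output.
# Live use (interface em2 as in the post; -l makes tcpdump line-buffered):
#   tcpdump -i em2 -nn -s 0 -l dst port 53 | dns_summary

# dns_summary (hypothetical name): reads tcpdump lines on stdin and prints
# "COUNT CLIENT_IP QTYPE QNAME", busiest client/name pair first.
dns_summary() {
    awk '
        # Query line:  TIME IP SRC.PORT > DST.PORT: ID+ [flags] TYPE? NAME (LEN)
        # The optional "[1au]"-style field (EDNS) shifts the name from
        # word 8 to word 9, so look for the first "TYPE?" word instead.
        $2 ~ /^IP6?$/ {
            for (i = 6; i < NF; i++) {
                if ($i ~ /^[A-Za-z0-9]+\?$/) {
                    src = $3
                    sub(/\.[0-9]+$/, "", src)    # strip the trailing .port
                    qtype = $i
                    sub(/\?$/, "", qtype)
                    count[src " " qtype " " $(i + 1)]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample capture: server 10.1.1.10, client 10.1.1.7 and
# www.example.com are made up; the last line is a TCP SYN that must be ignored.
sample_capture() {
    cat <<'EOF'
08:27:10.093938 IP 10.1.1.2.53060 > 10.1.1.10.53: 4211+ A? stun.client.akadns.net. (40)
08:27:10.116692 IP 10.1.1.2.59186 > 10.1.1.10.53: 4212+ A? stun.client.akadns.net. (40)
08:27:10.118604 IP 10.1.1.2.49966 > 10.1.1.10.53: 4213+ A? stun.client.akadns.net. (40)
08:27:10.120539 IP 10.1.1.2.50279 > 10.1.1.10.53: 4214+ A? stun.client.akadns.net. (40)
08:27:11.200000 IP 10.1.1.7.41000 > 10.1.1.10.53: 977+ [1au] AAAA? www.example.com. (44)
08:27:11.300000 IP 10.1.1.7.41001 > 10.1.1.10.53: Flags [S], seq 1000, win 64240, length 0
EOF
}

sample_capture | dns_summary
```

A client that sits at the top of this list with one name repeated many times, like 10.1.1.2 in the result above, is the first thing to look at when the DNS server is busy.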