Sysadmin Mega Thread

I know you solved your issue, but just continuing the thought…

On macOS, you can auth ssh with the fingerprint reader (PIV). I wonder if it’s possible to use Windows Hello hardware similarly. Extra nice because you tie it to the employee and their assigned hardware at the same time.

1 Like

Windows noob question. I have a proprietary server application that I need to run on a Windows VM. It has a web GUI that runs through IIS. The company requires SSO/SAML or otherwise some way to authenticate the web GUI through AD. The application does not have any sort of directory integrations but I’m wondering if this can be configured in IIS? Otherwise, we have to use a Cloudflare proxy which is fine, but adds complexity and cost.

1 Like

Regarding SSH 2FA, we reviewed the policy again that we have to comply with, and it turns out it’s 2FAing admin access only. Management decided that since sudo requires OTP 2FA and non-key based auth also requires OTP 2FA, we’re not gonna move forward with the SSH key rotation.

In other news…

On today’s adventure of “2FA literally everything”, I tried to get 2FA LDAP working on Dell iDRAC and failed miserably.

Instead of doing Bind DN with the specified bind user and bind password that’s configured for LDAP auth, it does bind auth with the user and password you’re logging in with and then reuses the credentials for the login itself.
And if you use 2FA for LDAP, the second part of the auth process triggers TOTP replay attack mitigations, because it’s reusing the same token.

Hoping that this ldap proxy will mitigate the issue

If it doesn’t work, I have to do something incredibly dumb and somehow allow HOTP/TOTP replay attacks in a 30 second time window because Dell’s LDAP implementation is insanely stupid.
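The failure described in the post above, as an added example that is not part of the thread and is not Dell's or any LDAP proxy's code: a directory that refuses a reused TOTP time step rejects the second of two identical binds, while a proxy that caches a successful bind for a few seconds absorbs it. The class names, the password-plus-OTP credential format, the 5-second TTL and the caching behaviour itself are assumptions.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; TOTP is HOTP over counter = unix_time // step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TotpDirectory:
    """Hypothetical LDAP backend: bind credential is password + 6-digit TOTP."""
    def __init__(self, users, step=30):
        # users: dn -> (password, totp_secret); last_step: dn -> last accepted step
        self.users, self.step, self.last_step = users, step, {}

    def bind(self, dn, credential, now):
        if dn not in self.users:
            return False
        password, secret = self.users[dn]
        counter = int(now) // self.step
        expected = (password + hotp(secret, counter)).encode()
        if not hmac.compare_digest(credential.encode(), expected):
            return False
        if self.last_step.get(dn, -1) >= counter:
            return False            # replay mitigation: this time step was already used
        self.last_step[dn] = counter
        return True

class BindCachingProxy:
    """Assumed proxy behaviour: an identical bind repeated within ttl is answered from cache."""
    def __init__(self, backend, ttl=5):
        self.backend, self.ttl, self.cache = backend, ttl, {}

    def bind(self, dn, credential, now):
        key = hashlib.sha256(f"{dn}\0{credential}".encode()).digest()
        if self.cache.get(key, 0) > now:
            return True             # same credential accepted again, but only until ttl expires
        ok = self.backend.bind(dn, credential, now)
        if ok:
            self.cache[key] = now + self.ttl
        return ok

def double_bind_login(directory, dn, credential, now):
    """The two binds from the post: authenticate, then reuse the same credential."""
    return directory.bind(dn, credential, now), directory.bind(dn, credential, now + 1)

# Constructed sample account (RFC 4226 test secret), not taken from the thread.
DN, PW, SECRET = "uid=admin,dc=example,dc=test", "hunter2", b"12345678901234567890"
```

The cache narrows the replay exposure from the full 30-second step to the TTL, and only for the exact credential that already succeeded.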

Just checking but have you updated the DRAC firmware? I know it fixes a ton with HP’s implementations.

Yeah, iDRAC 7 is on the latest version

1 Like

Ok, I had to mention it because, well, sometimes it’s the simple things that get overlooked.

> thunderysteak wrote:
> Yeah, iDRAC 7 is on the latest version

1 Like

Don’t quote me on this because it’s been about 6 years since I messed with UCS, but I believe the firmware is part of a UCS chassis bundle. When you roll through a chassis upgrade it upgrades the FIs with a rolling upgrade (one FI at a time with failover) and then on to the chassis itself and the base component firmware for the servers. I know you are looking for it individually but I don’t know if it’s available like that.

> judahnator wrote:
> Anyone have a link to the firmware for a Cisco Nexus 6296UP? The Cisco downloads page is missing the product, at least from where I’m sitting.

Aw bummer. I thought I had scored big with a cheap 10G switch but it looks like I should have done better research.

1 Like

I made the same mistake with an Arista switch. No ability to get updates on 2nd hand hardware. It’s a real shame.

2 Likes

Looking into Markdown vs LaTeX.

I write a lot of documentation. Anyone willing to share their insights on these?

cotton

All of my personal notes are in markdown. Heck, my resume is in markdown. Most any client supports it, and it’s (in my opinion) easier to read the syntax.

LaTeX is usually unnecessary for IT documentation, but I think some Markdown interpreters allow LaTeX embedding. Do you need to show some math formulas or what would be the reason to use LaTeX?

Wife uses latex but yeah only really for math equation stuff

1 Like

I’d like to start a role in technical writing.

2 Likes

I’d say that depends on for who you are writing. I’d probably start with markdown and then embed latex if needed.

Oh like you’re going to hire someone?

If it were me, I’d add LaTeX as a nice-to-have. Actual experience in technical writing would be much more important than either Markdown or LaTeX. Anyone capable of writing good technical documentation should be able to develop a functional understanding of Markdown in a week or less if they’re not already familiar with it.

No, I want to get a technical writing position where I currently work.

After looking into these, I think I’m going to use python and jinja to generate latex documentation based on a config file and data stored in a mongodb.

Hopefully this works because I really want to get out of development.

1 Like

Oh, automating technical documentation is a different beast. I’m still not sure why LaTeX would be the best choice, but whatever makes sense to you. Have you looked at GROFF and/or pandoc? Might be useful if you want to bounce the documentation out to different formats.

I nearly did the same recently, and was reminded that writing styles are subjective.

Interview went well. Felt good about it. Sent the writing sample they asked for, and never heard from them again. :person_shrugging:

So yeah, take that into consideration also. It’s not like engineering where there’s well defined right and wrong answers.

```
// JSON config for autodocumenter
{
  "meta": {
    "subjective_style": "friendly" // uses a lot of adjectives
  }, 
  "doc": {
    "name": "How to do whatever"
    ...
  }
}
```

Interestingly enough, the “engineering” “subjective_style”, while technically the most correct always, is frequently viewed by non-technical people as “wrong.”

(end tongue in cheek)

1 Like