Friday, October 6, 2017

How to add remote disc to macOS 10.12

Open a terminal:

mac:~ user$ sudo defaults write /Library/Preferences/com.apple.NetworkBrowser EnableODiskBrowsing -bool true
Password:
mac:~ user$ killall Finder

Open Finder
Go to Devices
Select your hard drive
You should now see Remote Disc

Tuesday, September 26, 2017

Building a Media Server with Plex

I've been using Plex (www.plex.tv) for a while now but I just could never find the right setup. I think I'm getting closer so I decided I'm going to start documenting it here. Throughout my search, I've never found 1 page that says here is how you do it. Hopefully that will change with this page.

Step 1
Purchase a DVD or Bluray and then Rip it. For this step we are using MakeMKV (www.makemkv.com).  After installing and running it, put the disc in and have it start scanning the disc.  Once it loads you will see multiple lines that look the same. You want to select all lines that have a lot of chapters. That is one way of knowing it's the feature film.  We just don't know which is the language we want.

Step 2
Select the Subtitles of your language and the forced subtitles below the line you already selected. For example, sometimes you might find more than 1 english, so select them all. If you are unsure if the movie has subtitles, here is a google doc that people are updating. Click Here.  You can also set this language in the menus so it only checks the language you set when you open it.

Step 3
Go ahead and start the ripping process.  Once it's done, you'll either have 1 file or multiple ones.  If you have multiple ones you need to figure out which one is the one you want.  Download VLC Player and open it there.  Once you hit the title of the movie you'll know if it's the right language.

Step 4
Extracting subtitles would be the next thing to do.  This where things start to get tricky.  You'll need at least a Windows machine (maybe a Mac).

You need to download:
  • https://mkvtoolnix.download/
  • https://www.videohelp.com/software/Subtitle-Edit
Next thing is to open back up VLC and turn the subtitles on and off one at a time.  Based off the google doc, some lines tell you which track # was the forced subtitles.  This just takes a little trial and error.  Once you figure it out, open mkvtools and open the mkv.

Select the track subtitle and click extract.  Once it's done, you're going to open it in Subtitle-Edit.  It will allow you to review your subtitles and then it exports it as a srt.  Copy it to the folder where your movie will be.  We will rename it to The_Exact_Name_of_the_Movie.language.forced.srt.  Plex will know its forced and auto select it.

Step 5
We need to convert the mkv to something that will direct play.  I've fought with this a lot always trying to rip it as high of quality as I can so it looks good on any screen.  The only problem is by doing that it buffers a ton or it has to transcode.  My new goal is to get everything where they play without transcoding and still look good.

I used the sickbeard_mp4_automater (Link) to convert it to mp4.  Here is my code:

autoProcess.ini
[MP4]
ffmpeg = C:\Users\Username\Desktop\sickbeard_mp4_automator-master\ffmpeg.exe
ffprobe = C:\Users\Username\Desktop\sickbeard_mp4_automator-master\ffprobe.exe
threads = auto
output_directory = 
copy_to = 
move_to = 
output_extension = mp4
output_format = mp4
delete_original = False
relocate_moov = True
video-codec = h264,x264
video-bitrate = 8000
video-crf = 
video-max-width = 
h264-max-level = 
use-qsv-decoder-with-encoder = True
ios-audio = True
ios-first-track-only = True
ios-audio-filter = 
ios-move-last = False
max-audio-channels = 
audio-codec = ac3,mp3,dts,dca,aac
audio-language = eng
audio-default-language = eng
audio-channel-bitrate = 256
audio-filter = 
audio-copy-original = False
subtitle-codec = srt
subtitle-language = eng
subtitle-default-language = eng
subtitle-encoding = 
fullpathguess = True
convert-mp4 = False
tagfile = True
tag-language = en
download-artwork = Poster
download-subs = False
embed-subs = False
embed-only-internal-subs = False
sub-providers = addic7ed,podnapisi,thesubdb,opensubtitles
permissions = 0777
post-process = False
pix-fmt = 
aac_adtstoasc = False
preopts = 
postopts = 
Couple of things to note:
video-bitrate I leave blank when I am testing out something.  That way it doesn't have to re-encode so its faster testing.  I'm still testing but size vs quality, I'm thinking Bluray will be around 8000 and DVDs will be around 3000.

I scrapped all of the sickbeard stuff for right now.  It's quality was ok but file sizes were still huge.  I have switched over to handbrake.  I'm doing super high quality for Blurays and High Quality for DVDs. I've been super happy with quality.

Some additional Links worth tagging:


Friday, July 14, 2017

Hackintosh Dell Precision T3500 macOS Sierra 10.12

Currently up and working. Will document all settings and configurations.

Thursday, September 29, 2016

How to rename your Spacewalk Server

This will also fix an error message if you are getting a certificate name error from your spacewalk clients.  This will cause the repos to show 0 packages even though spacewalk reports there are 1,000s of packages in the repo.  Other error messages "The SSL certificate failed verification."

On your spacewalk server you can check the cert:

openssl verify -CAfile /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT /etc/pki/spacewalk/jabberd/server.pem

You can also verify if your server name matches the certificate name by running the spacewalk rename script.

Before running the command, you need to install the spacewalk-utils

yum spacewalk-utils

spacewalk-hostname-rename x.x.x.x

The Xs are your servers IP.  It'll tell you the name it is reading.  Compare that to the file in /root/ssl-build/rhn-ca-openssl.cnf.  You are looking for cn=.

Now assuming that names don't match or you want to change your server name:

RHEL 7
hostnamectl set-hostname newservername

RHEL6
hostname newname

vim /etc/sysconfig/network

Now verify the new name is working

hostname

Now we need to create new certs.

rhn-ssl-tool --gen-ca --force

rhn-ssl-tool --gen-server

Now you need to install the new certs.

rpm -ivh --force ~/ssl-build/spacewalk/rhn-org-httpd-ssl-key-pair-spacewalk-1.0-2.noarch.rpm

Copy the new files to the apache folder so the clients can access it

cp ~/ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm /var/www/html/pub/

chown apache /var/www/html/pub/rhn-*

Note:  The rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm changed on me.  The original was 1.0-1.

Now even though it's showing everything is right the spacewalk rename tool won't work until you reboot.  So reboot and then run:

spacewalk-hostname-rename x.x.x.x

Then do like you would normally:

rpm -Uvh http://servername.domain.com/pub/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm --force

Note: Notice that I added the --force argument

rhnreg_ks --serverUrl=https://servername.domain.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-activationkeyname

Note: If the system is already registered, you must add --force to the rhnreg_ks command.

Monday, September 26, 2016

Error: /usr/lib64/python2.6/site-packages/pycurl.so: undefined symbol: CRYPTO_set_locking_callback

This error messages gets thrown when I run ANY yum command.  After lots of googling and finding nothing I stumbled upon part of the solution (First Link Below).

The page pointed out a system variable "LD_LIBRARY_PATH".  This variable was not set on working machines but it WAS set on machines that had Matlab installed.

I believe matlab must set this for root account which breaks yum.  Here is how I fixed it.  There was a user named matlab_user already created so I just moved the value to the user's bash profile.

This is for the root account
echo "export LD_LIBRARY_PATH=" >> /root/.bashrc
cat /root/.bashrc

This is for the matlab_user
echo "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/MATLAB/MATLAB_Runtime/v81/runtime/glnxa64:/opt/MATLAB/MATLAB_Runtime/v81/bin/glnxa64:/opt/MATLAB/MATLAB_Runtime/v81/sys/os/glnxa64:/opt/MATLAB/MATLAB_Runtime/v81/sys/java/jre/glnxa64/jre/lib/amd64/native_threads:/opt/MATLAB/MATLAB_Runtime/v81/sys/java/jre/glnxa64/jre/lib/amd64/server:/opt/MATLAB/MATLAB_Runtime/v81/sys/java/jre/glnxa64/jre/lib/amd64:/opt/MATLAB/MATLAB_Runtime/v84/runtime/glnxa64:/opt/MATLAB/MATLAB_Runtime/v84/bin/glnxa64:/opt/MATLAB/MATLAB_Runtime/v84/sys/os/glnxa64:/opt/MATLAB/MATLAB_Runtime/v85/runtime/glnxa64:/opt/MATLAB/MATLAB_Runtime/v85/bin/glnxa64:/opt/MATLAB/MATLAB_Runtime/v85/sys/os/glnxa64" >> /home/matlab_user/.bashrc

cat /home/matlab_user/.bashrc

Source:  Link

Fixing Nessus Finding Remote Desktop Protocol Network Level Authentication through GPO

How to fix the Nessus Finding Remote Desktop Protocol Network Level Authentication through GPO.

Click Start -> Control Panel -> Administrative Tools -> Group Policy Management

Step 1:

Open Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security ->

Require User Authentication for Remote Connections by Using Network Level Authentication -> Enabled

Set Client Connection Encryption Level - > Enabled
Encryption Level: High Level

Fixing Nessus POODLE Finding through GPO

How to fix the  Nessus POODLE Finding through GPO.

Click Start -> Control Panel -> Administrative Tools -> Group Policy Management

Step 1:

Open Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer - > Internet Control Panel -> Advanced Page -> Turn off Encryption support -> Enabled

Should be set to:  User TLS 1.0, TLS 1.1, and TLS 1.2

Step 2:

Click Computer Configuration -> Preferences -> Windows Settings -> Registry -> Right Click, New Registry Item.

Reg Item 1:

Action: Update
Hive: HKLM
Key Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client
Value Name: Enabled
Value Type: REG_DWORD
Value Data: 0

Reg Item 2:

Action: Update
Hive: HKLM
Key Path: SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server
Value Name: Enabled
Value Type: REG_DWORD
Value Data: 0

Fixing Microsoft Security Bulletin MS15-124 Finding in Nessus

How to fix the Microsoft Security Bulletin MS15-124 Finding in Nessus.

Click Start -> Control Panel -> Administrative Tools -> Group Policy Management

Click Computer Configuration -> Preferences -> Windows Settings -> Registry -> Right Click, New Registry Item.

Reg Item 1:

Action: Update
Hive: HKLM
Key Path: SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value Name: iexplore.exe
Value Type: REG_DWORD
Value Data: 1

Reg Item 2:

Action: Update
Hive: HKLM
Key Path: SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING
Value Name: iexplore.exe
Value Type: REG_DWORD
Value Data: 1

Nessus Finding: Hardened UNC Path through a GPO

How to fix the Nessus Hardened UNC Path finding.

Click Start -> Control Panel -> Administrative Tools -> Group Policy Management

Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Provider -> Hardened UNC Paths -> Set to Enable

Scroll down and click show.  Enter the following:

Working SSSD Config for RHEL 6.8/CentOS 6.8

Now I want to note that I have not tried this from a clean install. This is my notes from when I was switching over from samba/winbind which is why you'll see some mentions of having to copy paste things a second time or having to restart extra times. They may be optional.

Optional:
Leave old domain, sync time.
ntpdate -u dc01.domain.com
net ads leave domain.com -U username

Optional:
There was an issue with the previous version installed, had to remove before installing anything else.
yum remove libipa_hbac -y


Step 1: Install SSSD, Authconfig, SSSD Tools, ADCLI, and KRB5 Workstation
yum install sssd authconfig sssd-tools adcli krb5-workstation -y

Step 2: Configure KRB, Samba, and SSD ****** CASE MATTERS !!!!!!!! ******
echo y | cp /etc/krb5.conf /etc/krb5.conf.bak

echo "[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
DOMAIN.COM = {
kdc = DC01.DOMAIN.COM
admin_server = DC01.DOMAIN.COM
kdc = X.X.X.X
}

[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM" > /etc/krb5.conf
 
echo y |cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

echo "[global]
workgroup = DOMAINN
client signing = yes
#client user spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
password server = DC01.DOMAIN.COM
realm = DOMAIN.COM
security = ADS" > /etc/samba/smb.conf

echo y | cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.bak

echo "[sssd]
config_file_version = 2
services = nss, pam, autofs, ssh, autofs
domains = DOMAIN.COM
#default_domain_suffix = DOMAIN.COM

[nss]
filter_users = root,ldap,named

[domain/DOMAIN.COM]
id_provider = ad
ad_server = dc01.domain.com
ad_backup_server = dc02.domain.com
ad_domain = domain.com
krb5_realm = DOMAIN.COM
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
ldap_schema = ad
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = ad
enumerate = true

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5


[autofs]" > /etc/sssd/sssd.conf

Step 3 Restart the services:
service smb restart; service winbind restart; service sssd restart;

Step 3: Test to see if all the config files are working
kinit username

Type in password, if it comes back with no response it worked.
You can check this by typing
klist

If you get an error, something is wrong in the config or your password is wrong.

Step 4: Configure PAM Modules, Join Domain
authconfig --update --enablesssd --enablesssdauth

service smb restart; service winbind restart; service sssd restart;

adcli join domain.com -U user -v

Verify everything in the nssswitch file got updated. Should be files sss.
cat /etc/nsswitch.conf

Should look like this:
passwd:     files sss winbind
shadow:     files sss winbind
group:      files sss winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files sss
aliases:    files nisplus

Step 5: Restart services, Print out AD Users, Print out AD Groups, Check ID for test User
service smb restart; service winbind restart; service sssd restart;
getent passwd

getent group

id username

Step 6: Test login
ssh username@127.0.0.1

****IF getent doesn't show anything but ID works, restart the services again, check again *****
service smb restart; service winbind restart; service sssd restart;


If you want to limit login based on groups, check out /etc/security/access.conf
echo "+ : group1 "group 2" jsmith root : ALL
- : ALL : ALL" >> /etc/security/access.conf

Sudo based on groups
echo "%admin ALL=(ALL)       NOPASSWD: ALL" >> /etc/sudoers 

ShareThis