Archive for the ‘Allgemein’ Category

A few weeks ago, I got to play around with a Tandbard RDX® QuikStor™. I tried to convince the SBS Backup Assistant  to recognize the device as a backup target which unfortunately did not work right away. Using google I came across quite a few people who are having the same problem and most of those got either the same answer “It’s not supported and does not work” or they got a hint to use wbadmin as the command-line tool works unlike the assistant. The thing with this is that the SBS Console does not recognize it when you backup like this and it will actually tell the user that there is no backup configured.

There is a way though to get it working like it should. The thing is the backup assistant does not show removable media as a backup target and only shows fixed disks. And this is there the RDX Utility of Tandberg comes into play. Using the utility you can switch the device mode from “removable” to “fixed disk”. Just double-click on your device and go to the “Utility” tab. Here you can click on “Change device mode”.

image001

Having done this you can now use a single cartridge as backup target. So you want to use multiple cartridges and the assistant won’t let you? For this you need to use the commandline-tool wbadmin to configure multiple targets. You can use “wabadmin get disks” to list all disks available as backup-target and then use “wbadmin enable backup –addtarget:” to add it to the backup. The error message in the screenshot below only tells me that I had already added the disk to the backup-targets.

image002

There is one caveat to doing this though. The RDX device in “removable media” mode will prevent you from ejecting the cartridge when there is activity on the device and instead the LED will blink orange a few times. When in “fixed disk” mode it will not do that and eject the cartridge. You can imagine what will happen if you do this while a backup is running. So make sure you swap cartridges only when the backup is complete. I scheduled the backup to run two hours after the last employee left the building and told the customer to swap the cartridges when leaving and not in the morning when coming to work as the backup might still be running (and it sometimes is). Also, when using multiple cartridges you will have to do full backups and cannot use differentials.

 

Imagine the following scenario:

Within a domain-network you want to provide a service, that can only be accessed by your domain-users, without them having to login. Take for example Typo3 on a host running linux with Apache. The required modules and libraries for apache and kerberos have already been installed and configured and you are currently trying to get kerberos to work. A domain-account has been created and a keytab was provided  for the linux-host to use.

But if kinit now keeps displaying the error “Client not found in kerberos  database” this can have several reasons. The Linux-Host could have a wrong hostname. So if for example the principal in the keytab was created for HTTP/cms.example.org@EXAMPLE.ORG but the Linux-Host has the hostname typo3.example.org the above error-message can be displayed.

Also, general typos while creating the keytab can be responsible. But if you have already ruled out such mostly easy to spot mistakes, then most of the time the Windows Event Log on the KDC can help. If you for example find the event ID 11 with source KDC saying “There are multiple accounts with name HTTP/cms.example.org of type DS_SERVICE_PRINCIPAL_NAME.” what exactly does that mean? It means that the principal that you created has been asssigned to multiple accounts.

A principal for a service is assigned to an account using the attribute servicePrincipalName of that account. So you can assign the same principal to multiple accounts which is not allowed. Such a mistake can be corrected using LDP. You just look for the accounts in question and remove the attribute servicePrincipalName from those accounts where you don’t need it (anymore). Using LDP the filter servicePrincipalName=HTTP/cms* with BaseDN DC=example,DC=org. After correcting the attributes you can simply try to get a ticket using kinit.