My Blogs
blog
Keep up with the latest news
AD - Administrative Limits
Active Directory Database limits restricts your ability to manage objects - Learn how to quickly fix the problem
I recently ran into an issue with a particular environment where Active Directory and PKI services were deployed. One of the service accounts which I was attempting to ‘unlock’ refused to co-operate and instead offered the most unhelpful message. Administrative limit for this request was exceeded - this was not my first time encountering the message, previously this haunted me while I was managing a Windows PKI infrastructure and with some quick searches, confirmed my initial suspicion.
Read moreBicep - Tags as Parameters
Deploying infrastructure ARM Templates to Azure, but using Tags and their respective value as the parameter configuration settings
In a post earlier, we look at using arm to lookup the value of tags' at both the Subscription and Resource Level. With Bicep this is much easier to understand. This is the same lab configuration as in the original post, but this time to code should be a lot more readable. // Sample to lookup tag values // Both Subscription and Resource Level @description('The resource ID of the resource we wish to look up a tag from.
Read moreConfiguring FreeRadius for 802.1x
Guide to installing an alternative Radius service, for those who may have implemented Windows NPS Server - License Free and Open Source, Enterprise Ready
In a pervious post, I covered the steps to deploy the current stable release of FreeRadius, by installing the packages from the NetworkRadius organizations repository. We will now, focus on configuring the FreeRadius server so that it can authenticate 802.1x requests. Why? Why would we go to this trouble, especially given the fact that Windows has shipped with its own NPS service, for the past 20 years? Simple really, In the world of Cloud First, many customers are now selecting the option of Azure AD Joined only, for their machines in preference to AD Joined, or even Hybrid Joined.
Read moreExtracting Public and Private Certificates from a PFX
PFX files enable to transportation of certificates between systems, however many services require separate files for both public and private certificates
Using OpenSSL, we can extract the private key, and the certificate into independent file’s, which is required for most networking devices, and linux services. You will need to install the OpenSSL package, either on your Windows or Linux system (I have covered how to update the current version on Linux here) Export the private key from the PFX file We begin, by passing in the PFX and requesting the Private key to be placed into its own file.
Read moreCreating a PFX from a certificate in Windows
Windows stores certificates in a special logical store, in this post we check out two methods to export certificates with their private key to PFX files
A .pfx file is in essence an archive which can contain multiple objects, and can also be password protected; The format of this file is known as PKCS#12 Typically, a .pfx usually contains one or more certificate, typically the chain of upstream authorities, and the corresponding private key. The most common usage of a PFX file is simplify certificate distribution to alternate systems or deployed to services. Logical stores Within Windows, all certificates exist in logical storage locations referred to as certificate stores.
Read moreCreate PKI Certificate for Linux Server
Using OpenSSL we learn how to create a Certificate Request from Linux node, to issue a certificate from a Windows PKI Server
At some point, you will have the requirement of creating a certificate request, and submitting this to an online certificate authority, which will process the request and issue you a certificate with both a Public and Private Key. In this post, we will use the ‘OpenSSL’ utility to create such a request file, and walk trough the steps of issuing a certificate from a Windows PKI Server. Creating our Certificate Request We will create a Certificate Request template file which defines the settings which are necessary to also include Subject Alternate Name in the issued certificate.
Read moreOpenSSL 1.1.1k on Ubuntu
A simple guide to installing the current version of the OpenSSL utility on Ubuntu Linux
Being over 25 years old, OpenSSL can be found on just about any system you work with today; but this does not imply that the version installed is current (or even close). During its life, there have been many instances where OpenSSL has been in the news, where some new vulnerability has being discovered, and quickly after, patched. The Swiss Army Knive of SSL Certificate’s, this is a tool that everyone should have at least used once in their administrative duties.
Read moreInstalling FreeRadius
Guide to installing an alternative Radius service, for those who may have implemented Windows NPS Server - License Free and Open Source, Enterprise Ready
FreeRADIUS is an open source, high-performance, modular, scalable and feature-rich RADIUS server. It ships with both server and radius client, development libraries and numerous additional RADIUS related utilities, for Linux FreeRADIUS supports request proxying, with fail-over and load balancing, as well as the ability to access many types of back-end databases. RADIUS, which stands for Remote Authentication Dial-In User Service, is a network protocol used for remote user authentication and accounting.
Read moreStreaming Vynil On Sonos
Mixup some Vyinl Oldies, a little Ice to cast, and a PI for some energy, and your ready to go
A little known trivia - I was once a Disc Jokey, and spent a lot of my youth behind the decks, in clubs around the West Of Ireland. Today, I still am the proud owner of a very large collection of Vynil and CD music, which of course deserves to get a second life with my digital streaming audio system powered by Sonos USB Turntable Streamer I own a really nice turntable which is modeled on the Legendary Technical SL1200 MK3, which I am so well aquatinted with, including the awesome Citronix DJ Console which was home to 2 of these beauties in so many clubs way back when…
Read moreAzure IaC - Tags as Parameters
Deploying infrastructure ARM Templates to Azure, but using Tags and thier respective value as the parameter configuration settings
In the post, I am going to introduce a concept which will allow you to greatly up your Infrastructure as Code game, by using Azure as a State Machine! One of the typical challenges when deploying ARM templates, is the sheer number of parameters which we find as a requirement to complete a deployment; which as you will appreciate gets considerably harder as we target many environments. There are a number of methods to address this, including the use of Parameter files or Continuous deployment variables; each with their own challenges.
Read more01. About Author
Damian Flynn
I define myself as an evangelist; an entrepreneur & author with an ideology rooted in business insights, technology exploration, pattern analysis and high energy. I envision, theorize and develop system architecture and strategic business platforms, soaked in storytelling and innovative technology.
02. Last Posts
- Page 1 of 4
- Previous Posts