Unauthenticated Access to WebSEAL Junctions

January 8, 2012April 7, 2013 ~ Anton Khitrenovich ~ 3 Comments

[ Update (April 2013): How to perform this task with ‘pdadmin’ utility. ]

By default WebSEAL junctions do not require any specific authentication for external access – they just derive the default ACL definition of the WebSEAL. However, this default ACL does not allow access to unauthenticated users. So, efficiently the users have to pass authentication with any available authentication method to gain access rights for the junction that does not need any specific authentication.

Here I will explain how to define unauthenticated junction – a junction that allows access to any user, including users that did not pass WebSEAL authentication at all. In fact, creating unauthenticated junction in WebSEAL is super-easy and super-simple when you are experienced WebSEAL professional. If you are a newbie or WebSEAL administration is not among your main tasks, the logic of this flow is not so trivial to guess (or even recall). Continue reading “Unauthenticated Access to WebSEAL Junctions” →

How to fix “missing required fields” warnings in Rich Snippets Testing Tool

December 24, 2011December 7, 2012 ~ Anton Khitrenovich ~ 55 Comments

Several days ago I checked what Google’s Rich Snippets Testing Tool thinks about this WordPress-based blog. The results were not bad in general, but also not good enough for my understanding. While Google was able to detect that I am the owner of the blog and presented a link to my Google+ Profile, and the main page of the blog was correctly detected as a list of blog entries, each one with the permalink, a list of tags and a list of categories – the most important things were missing: the title, the date and the author of the post. The following errors were displayed for each blog entry:

Warning: Missing required field “entry-title”.
Warning: Missing required field “updated”.
Warning: Missing required hCard “author”.

Obviously, I started to check what can be done about that. Continue reading “How to fix “missing required fields” warnings in Rich Snippets Testing Tool” →

How to install Admin Pack for Windows 2003 on Virtual Machine

December 14, 2011November 13, 2012 ~ Anton Khitrenovich ~ Leave a comment

The internet is full of complains that Admin Pack for Windows 2003 cannot be installed due to protected Windows files. I guess that this can happen for various reasons, but I have found a solution for at least one of the cases – when the server where the installation of Windows 2003 Admin Pack fails is virtualized.

So, we have two servers – Windows 2003 Server with Active Directory installed as Domain Controller (server #1) and VM with Windows 2003 Server that is a member of this domain (server #2). The need – administer DNS and DHCP settings of AD remotely, but corresponding MMC snap-ins are not available by default on non-DC machines. The correct way is to install ADMINPACK.MSI, available from Windows 2003 installation CD-ROM or from Microsoft Download Center. (Of course, you can always open an RDP session to a DC – but this does not address the real need.)

However, the installation suddenly shows a message “The Windows Installer service cannot update one or more protected windows files” and rolls back everything that was already installed. The Event Viewer reveals error numbers (“Error 1933. … SPF Error: 1223.”) and the list of protected files – but this does not really help. So, what can we do about that?

In fact, the solution is really simple. Running the same installation via the console RDP session (or in the vSphere console) reveals the real cause for the failure – the Admin Pack install needs Windows 2003 installation CD-ROM, but for some reason does not tell that on non-console sessions. After the requested CD is provided (for VMs, this can be done by mounting the CD image in vSphere or via DaemonTools), the installation was able to complete successfully. Continue reading “How to install Admin Pack for Windows 2003 on Virtual Machine” →

How to configure iptables to allow incoming web traffic

December 4, 2011 ~ Anton Khitrenovich ~ 2 Comments

One day you need to enable a web server on your Linux box. The steps look simple: turn on httpd, set some content under web root directory – and you are done. Quick test via “telnet localhost 80” assures you that the server is up, and you are going to test it in a browser from other machine… Nothing! In the best case (of Google Chrome) you will get “Error 109 (net::ERR_ADDRESS_UNREACHABLE)”… Actually, this is a good hint for you that the HTTP port on your fresh web server is blocked by internal firewall (in case of Linux it is typically “iptables”). BTW, another test that can give you additional indication is to try to connect to external IP address using telnet from inside the server.

The solution is very simple – add HTTP port to the list of allowed port in iptables configuration. There are many tutorials that explain how to do it via the command line:

iptables -p tcp --dport 80 -j ACCEPT

…but those changes will not survive the VM reboot. The right way is to edit iptables configuration file “/etc/sysconfig/iptables” directly (see example for RedHat-based systems below).

Continue reading “How to configure iptables to allow incoming web traffic” →

How to download large video from iPhone to PC

November 5, 2011November 5, 2011 ~ Anton Khitrenovich ~ Leave a comment

Some time ago I have to download a lot of photos, including several videos, from my iPhone to my WinXP PC. The copy took 20-30 minutes, but finished without any errors. This weekend I had some spare time to sort the photos and suddenly realized that several videos have zero size. Fortunately, I had no time for clean up the photo library on the iPhone during this period and the originals survived. However, copying the files one per time lead to the same effect – Windows Explorer silently failed after 1-2 minutes of trying, leaving the empty video in the target folder. Looks like the limit is around 200Mb…

The workaround is simple – it appears that iTunes leaves the last full backup on the hard drive (on WinXP it is under “C:\Documents and Settings\\Application Data\Apple Computer\MobileSync\Backup\”), and this backup contains plain copies of all photos and videos from the device. All files have computer-generated names (even w/o extension), so there is no immediate way to determine which file contains the video that you need. The simplest option will be to sort those files by size, copy the largest ones to another folder, appendthem “.mov” extension and watch them one by one in some video player.

P.S. This issue was first mentioned on Apple forums 1.5 years ago, even before the release of iPhone 4, but not fixed yet.