Sunday, December 25, 2011

Windows Vista asking "press the configuration button on the access point"?

WOW, reason 9,746 to move to Linux. My parents have a laptop with
Vista on it. Not a big deal, should do normal stuff and not require
much attention. I set them up with anti-virus and the UAC prevents
them from doing anything too silly without seeing the "oh noes!"
pop-up. I figured they were all set.

Well, come to find out, a well-intentioned person "helped" them with
their home network and computers (they have some apples too -- I wish
it was the fruit). The wireless network was WEP with the default SSID
and they were having problems adding a new laptop to the wireless. My
father didn't know what the passphrase was to the router and asked me
for some help resetting it. I easily hit the admin web page for the
router and guessed the password. I set the network to be WPA2-PSK and
gave it a nice passphrase they could remember, and proceeded to write
it down on the router for them. Tested the connection with my wife's
smart phone and the apple laptop.

Before I left my mother asked me to set the wireless network for her
laptop... her Vista laptop. (sense of dread yet? I should have felt
it). The kids were feeling tired and the wife wanted to get home to
get ready for Christmas morning. How hard could this be? The goofy
laptop detected the wireless network, I clicked to join it and the
crazy thing said "Press the configuration button on your wireless
access point."

It might as well have asked to pet my giraffe. WTF? At the bottom
there was a link to manually enter the PSK in case I could not find
the button.. thanks, I am an idiot and can't find a button? I entered
the PSK because pressing a button on a wireless router was dumb, silly
and for stupid people who waste their time. The problem is that then
Vista had a problem and couldn't connect to the wireless. Maybe I
typed the PSK in wrong.. multiple tries and it would not work! I had
looked at the router, it was a Netgear. (sense of dread yet? I should
have felt it).

Come to find out there is a crappy thing Netgear calls WPS or Wireless
Protected Setup. This "security" feature lets you press a button and
have the Vista device negotiate a WPA passphrase with the router.
Dumb! The problem is that WPA is crap and WPA2 is where the cool kids
hang out these days. So this crap will not work with Vista as it is
WPS-aware (although Microsoft is always blazing new trails of
stupidity and dumbness and calls it "Windows Connect Now").

Now I am looking at a Vista Home Basic laptop that needs Windows
Connect Now disabled. Google tells me that I can disable it with a
local Group Policy (yay!) but the Local Group Policy Editor does not
work on Vista Home Basic as GPOs are disabled on it (boo!). I found an
xlsx spreadsheet with mapping between GPOs and their registry keys
(yay!) but am not sure how to decipher the registry entries on the
spreadsheet (boo!).

They look like this:
HKLM/Software/Policies/Microsoft/WCN/Registrars!EnableRegistrars,
HKLM/Software/Policies/Microsoft/WCN/Registrars!DisableUPnPRegistrar,
HKLM/Software/Policies/Microsoft/WCN/Registrars!DisableInBand802DOT1Registrar,
HKLM/Software/Policies/Microsoft/WCN/Registrars!DisableFlashConfigRegistrar,
HKLM/Software/Policies/Microsoft/WCN/Registrars!DisableWPDRegistrar,
HKLM/Software/Policies/Microsoft/WCN/Registrars!MaxWCNDeviceNumber,
HKLM/Software/Policies/Microsoft/WCN/Registrars!HigherPrecedenceRegistrar

Who names this stuff? My main issue is what does the Exclamation
point mean? Are those end values binary values, empty string values?
Who knows. I also disabled the Windows Connect Now service and hope
that does the trick. We will see...

What crap... time for bed.

If you are a lost soul and wondered about this, please comment below..
Any fixes are appreciated!

Monday, December 19, 2011

More booting USB drives with ISO images

So in a previous post (Linux bootable USB Drives), I discussed making USB drives that booted directly from an ISO. I first wanted to mention that I find this very useful when I want to install a new distro of Linux and do not want to fight my way through burning a CD or solving the mystery as to why UNetbootin does not work for me in Linux. In theory, all I have to do is drop a new ISO in the thumb drive and reboot! How simple is that?
Not simple enough, as immediately after posting that I tried to reinstall my computer with the latest official version of Linux Mint 12. When I dropped in the new ISO and rebooted I was greeted by:
"ERROR 60:File for drive emulation must be in one contiguous disk area"

I immediately invoked my Google Genius and started searching the web. Apparently booting from an ISO requires that the ISO be a contiguous file and is sensitive to FAT's issue of fragmenting files. The web offered the options of running Windows tools to defragment the file, so I tried Contig.exe. Maybe it does not work on Linux, maybe it does not work with Wine, maybe I am a bonehead. I could not get it to actually fix anything as I ran the tool and then rebooted over and over. The real issue was that I had backed up a few files on the thumb drive then deleted the old ISO then added the new one. The thumb drive was actually fragmented, so I moved off all the files and then moved them back and it worked! So if you try the method in the previous post and you get an ERROR 60, try cleaning the thumb drive and then copying the files back.
In my haste in getting the files back together for the drive, I managed to edit the menu.lst too many times. I messed it up hard. When I was back and booting to the thumb drive, I started getting another error:
"Unable to find a medium containing a live file system" at a "(initramfs)" prompt.

Now what? Well Google told me that there are issues with people's motherboards where the thumb drive must be plugged into a port that Linux can see without extra drivers. Linux must also be able to see the hard drives, so if you have SATA on an unsupported 6meg connection, you might need to move it to a 3meg connection. There are also problems on some motherboards where the SATA is in IDE mode and must be changed to AHCI mode. My problem was none of these; my problem was my menu.lst. I had goofed and put a space on the line that reads:
"kernel /casper/vmlinuz file=/cdrom/preseed/mint.seed boot=casper iso-scan/filename=/mint.iso splash quiet --"

The space was after the "iso-scan", so if you have a problem like I did you can save yourself a few hours and check the syntax closely. I hope this helps someone someday!

Friday, December 16, 2011

Automate Cisco ssh connections with plink in Windows

So, you are a hard working nerd and have a Windows computer to manage
routers with. You also have a lot to do and would rather automate
some stuff with scripts. I can help you learn to use Plink to make
simple batch files to automate work!
*(unlike most of my other posts, this one is for the Windows universe
and does not cover use of plink or scripting in Linux)

Plink basics:

Plink is part of PuTTY and available at
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html (don't
download it from other places, this is the official location). It is
the command line interface for PuTTY and can be used in scripts. Be
sure to download the installer or the zip with all the files, as PuTTY
is a great tool if you ever SSH, SCP or connect to network hardware in
general. The "latest development snapshot" is what I used for this
post; things might change in the future, and bugs or other issues
might be introduced that would alter the information in this post --
please use the stable release if you are timid.

Plink.exe is simple to use, but I have had problems with it and Linux
machines ("server refused keyboard-interactive authentication" issue).
That is why this post is all about Cisco, I have not had problems
there. An example to connect to a Cisco device is:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD!

where the user name is "cisco" with a super secure password of
"P@55W0rD!" connecting to a Cisco device with an IP of 192.168.0.1.
This command should get you a ">" prompt on the device.

Scripting:

Wait! How do I script this? How do I get enable access? To do much
else you need to make a command file.

A command file is just a text file with the list of commands you want
to run, in the order you need to run them. Here is an example
(command.txt):

enable
3N@b73
show clock
show mem
show cpu
exit

If I were to run:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD! -m command.txt

then I would get the memory and cpu statistics displayed on the
screen. If I were to redirect the output to a text file with a
"double waka" (>>), like this:

c:\putty\plink.exe cisco@192.168.0.1 -pw P@55W0rD! -m command.txt >> router_utilization.txt

then I could have a text file with the date and time, memory and cpu
statistics. If this command were in a batch file that was scheduled
to run periodically then it could keep a running log of the device.

For extra credit, how might we get this script to run and check stats
on different devices? If we make a separate file called "devices.txt"
that contained the IP addresses of the devices we need to monitor like
this:

192.168.0.1
192.168.10.22
192.168.10.24

Then we could run this command (provided that the account name,
password and enable password were the same on each device):

for /f %i in (devices.txt) do c:\putty\plink.exe cisco@%i -pw P@55W0rD! -m command.txt >> device_utilization.txt

(if you put this in a batch file, be sure to use "%%i" and not the
"%i" as the batch will strip the single percents)
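
A hardened variant of the loop above, as an added example that is not part of the original post: it pins each device's SSH host key, refuses interactive prompts, and keeps the login password off the command line, where -pw leaves it visible in the batch file and the process list. It assumes PuTTY 0.77 or later (for -pwfile) and two hypothetical files, devices_pinned.txt and login.pw; the fingerprint shown is a placeholder.

```bat
@echo off
rem Added example, not from the original post.
rem Assumes PuTTY 0.77 or later and these hypothetical files beside the script:
rem   devices_pinned.txt  one "IP host-key-fingerprint" pair per line
rem   login.pw            the login password, readable only by this account
rem   command.txt         the command file described in the post
rem Constructed sample line for devices_pinned.txt, placeholder fingerprint:
rem   192.168.0.1 SHA256:REPLACE_WITH_FINGERPRINT_OF_THIS_DEVICE
setlocal
set "PLINK=c:\putty\plink.exe"
set "LOG=device_utilization.txt"

for /f "usebackq tokens=1,2" %%i in ("devices_pinned.txt") do (
    echo ===== %%i =====>> "%LOG%"
    rem -batch    never prompt, so an unknown or changed host key aborts
    rem -hostkey  accept only the fingerprint recorded for this device
    rem -pwfile   read the password from a file, not from the command line
    "%PLINK%" -ssh -batch -hostkey "%%j" -pwfile login.pw -m command.txt cisco@%%i >> "%LOG%" 2>&1
    if errorlevel 1 echo FAILED %%i, see the output above>> "%LOG%"
)
endlocal
```

command.txt still carries the enable password in clear text, so restrict it and login.pw to the account that runs the scheduled task.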

Enjoy!
