作者归档:James Swineson

解决域里的Windows和域控制器时间不同步问题

今天刚开了个新的AD,兴高采烈地把设备都加了域,结果WinRM不工作。报错如下:

PS C:\Windows\system32> enter-pssession server02
enter-pssession : Connecting to remote server server02 failed with the following error message : WinRM cannot process
the request. The following error with errorcode 0x80090324 occurred while using Kerberos authentication: There is a
time and/or date difference between the client and server.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or
use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ enter-pssession server02
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (server02:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

对于一个新的域,这种情况大概率是两台设备的时钟不同步了。

继续阅读

Synology DSM通过网络分享UPS给其它Linux设备

很多UPS(例如APC的大部分产品)都支持串口上报数据,但是很多时候你会用它支持不止一个设备。这时候你就需要通过某些网络协议来共享UPS状态。Synology DSM的网络UPS共享功能其实不仅支持把UPS状态共享给另一台DSM,而且还支持第三方操作系统。下面是一个能用的配置例子。

继续阅读

Proxmox VE开机自动挂载在ZFS上的directory类型存储空间

如果你跟我一样在ZFS上创建了第二个volume然后尝试把它作为Proxmox VE的directory类型存储,那么你可能也遇到了重启以后这个volume没有正确挂载的问题。这并不是ZFS automount失效了,而是在ZFS挂载之前,Proxmox VE就会在上面创建出vz文件夹来,而ZFS默认状态下又不允许overlay mount。

解决方法:

# cat /etc/systemd/system/zfs-force-mount.service 
[Unit]
Description=force mount ZFS
[email protected]
After=zfs.target pve-storage.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/zfs mount -a -O

[Install]
WantedBy=multi-user.target 

# systemctl enable zfs-force-mount

参考:

把ASA配置为单臂VPN接入点

目标

把ASA设置为一个VPN接入点,挂在现有的网关路由器下面,让AnyConnect连入的客户端能够正常访问本地内网和公网。防火墙设为全部放通。

示例中使用以下配置:

  • 现有的内网:10.0.0.0/24
  • 网关:10.0.0.1
  • ASA:10.0.0.2
  • AnyConnect客户端地址池:10.0.253.0/24, fd00::/64

继续阅读